CWE

Only Filtering Special Elements Relative to a Marker

ID: 796		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Variant

Description

The software receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. "at the beginning/end of a string; the second argument"), thereby missing remaining special elements that may exist before sending it to a downstream component.

Applicable Platforms
None

Common Consequences

Scope	Technical Impact	Notes
Integrity	Unexpected state

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-796 ChildOf CWE-795	Weakness	CWE-1000

Demonstrative Examples   (Details)

1. The following code takes untrusted input and uses a regular expression to filter a "../" element located at the beginning of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path. (Demonstrative Example Id DX-3)

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:
None