CWE-375 Returning a Mutable Object to an Untrusted Caller

admin, 2021-12-16 16:01:09

Returning a Mutable Object to an Untrusted Caller

Structure: Simple

Abstraction: Base

Status: Draft

Likelihood of Exploit: Medium

Description

Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function.

Extended Description

When a method returns a reference to mutable data, the external code that called it can change that data. If the data was not cloned before being returned, the class then operates on data modified by the caller, which may violate assumptions about its internal state.

Related Weaknesses

  • ChildOf CWE-668 Exposure of Resource to Wrong Sphere (View 1000, Primary)

Applicable Platforms

Languages: C, C++, Java, C# (prevalence undetermined for each)

Common Consequences

Scope | Impact | Note
Access Control, Integrity | Modify Memory | Data that the caller should not be able to change can be tampered with by that caller.

Potential Mitigations

Phase: Implementation

Declare returned data that should not be altered as constant or immutable.

Phase: Implementation

Clone all mutable data before returning references to it. This is the preferred mitigation: regardless of what the caller does to the returned copy, the class retains a valid copy for its own use.

Demonstrative Example

This class has a private list of patients, but provides a way to see the list:

bad Java

public class ClinicalTrial {

    private PatientClass[] patientList = new PatientClass[50];

    public PatientClass[] getPatients() {
        // Hands out the live internal array, not a copy of it.
        return patientList;
    }
}

While this code only means to allow reading of the patient list, the getPatients() method returns a reference to the class's original patient list instead of a reference to a copy of the list. Any caller of this method can arbitrarily modify the contents of the patient list even though it is a private member of the class.
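The following is an added example, not code from the CWE entry or from cn-sec.com, that puts the vulnerable getter above beside the two mitigations listed earlier (deep copy, and an immutable/read-only return). PatientClass is never defined on the page, so a small mutable version with a name and a dosage field is assumed here, as are the patient identifiers and the stateIsValid() invariant used to show when internal state has been corrupted.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

// Assumed for this demo: the page never defines PatientClass. It is deliberately mutable.
final class PatientClass {
    private final String name;
    private int dosageMg;
    PatientClass(String name, int dosageMg) {
        this.name = name;
        this.dosageMg = dosageMg;
    }
    // Copy constructor: the building block for a defensive deep copy.
    PatientClass(PatientClass other) {
        this(other.name, other.dosageMg);
    }
    int getDosageMg() { return dosageMg; }
    void setDosageMg(int dosageMg) { this.dosageMg = dosageMg; }
}

public class ClinicalTrial {
    private final PatientClass[] patientList;

    ClinicalTrial(PatientClass... patients) {
        // Copy on the way in too; otherwise the constructor's caller keeps a handle on our array.
        patientList = new PatientClass[patients.length];
        for (int i = 0; i < patients.length; i++) {
            patientList[i] = new PatientClass(patients[i]);
        }
    }

    // CWE-375: hands out the live internal array.
    PatientClass[] getPatientsUnsafe() { return patientList; }

    // Partial fix: array.clone() copies the slots but not the elements, so a
    // caller can no longer null or swap slots but can still edit each patient.
    PatientClass[] getPatientsShallowCopy() { return patientList.clone(); }

    // Full fix (CERT OBJ05-J): deep copy, the caller gets an independent snapshot.
    PatientClass[] getPatientsDeepCopy() {
        PatientClass[] copy = new PatientClass[patientList.length];
        for (int i = 0; i < patientList.length; i++) {
            copy[i] = new PatientClass(patientList[i]);
        }
        return copy;
    }

    // Read-only view for callers that only iterate: set/add/remove throw
    // UnsupportedOperationException, but the elements are still the live objects.
    List<PatientClass> getPatientsView() {
        return Collections.unmodifiableList(Arrays.asList(patientList));
    }

    // The invariant the class relies on (assumed): no empty slot, no negative dosage.
    boolean stateIsValid() {
        for (PatientClass p : patientList) {
            if (p == null || p.getDosageMg() < 0) return false;
        }
        return true;
    }

    private static ClinicalTrial freshTrial() {
        return new ClinicalTrial(new PatientClass("p-001", 50), new PatientClass("p-002", 75));
    }

    public static void main(String[] args) {
        // Untrusted caller with the raw reference nulls a slot: the invariant breaks.
        ClinicalTrial t1 = freshTrial();
        t1.getPatientsUnsafe()[0] = null;
        System.out.println("unsafe getter, state valid: " + t1.stateIsValid());

        // Shallow copy: nulling the copy's slot is harmless, but the shared
        // element can still be driven to an invalid dosage.
        ClinicalTrial t2 = freshTrial();
        PatientClass[] shallow = t2.getPatientsShallowCopy();
        shallow[0] = null;
        shallow[1].setDosageMg(-1);
        System.out.println("shallow copy, state valid: " + t2.stateIsValid());

        // Deep copy: the same tampering never reaches the trial's state.
        ClinicalTrial t3 = freshTrial();
        PatientClass[] deep = t3.getPatientsDeepCopy();
        deep[0] = null;
        deep[1].setDosageMg(-1);
        System.out.println("deep copy, state valid: " + t3.stateIsValid());

        // Read-only view: structural modification is rejected outright.
        try {
            t3.getPatientsView().set(0, null);
        } catch (UnsupportedOperationException e) {
            System.out.println("read-only view rejected set()");
        }
    }
}
```

Two points the shallow-copy case makes explicit: in Java, `private final PatientClass[]` only pins the reference (there are no const arrays), so the "declare as constant or immutable" mitigation maps to returning an unmodifiable view or an immutable element type, not to `final`; and `clone()` on an array is shallow, so it only fully mitigates CWE-375 when the element type is itself immutable, which is why OBJ05-J calls for a deep copy of mutable members.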

Taxonomy Mappings

Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
CLASP | | | Mutable object returned
The CERT Oracle Secure Coding Standard for Java (2011) | OBJ04-J | | Provide mutable classes with copy functionality to safely allow passing instances to untrusted code
The CERT Oracle Secure Coding Standard for Java (2011) | OBJ05-J | | Defensively copy private mutable class members before returning their references
SEI CERT Perl Coding Standard | EXP34-PL | Imprecise | Do not modify $_ in list or sorting functions
Software Fault Patterns | SFP23 | | Exposed Data

Article source: scap中文网

Original link: http://cn-sec.com/archives/613157.html