Difetti di sicurezza
Questi difetti evidenziano i punti del codice vulnerabili ad attacchi hacker o altri attacchi alla sicurezza. Molti di questi difetti non causano errori di runtime, ma indicano invece aree rischiose nel codice. I difetti includono:
Gestione dei dati sensibili
Utilizzo di funzioni pericolose o obsolete
Generazione di numeri casuali
Percorsi e comandi controllati esternamente
Risultati di Polyspace
File access between time of check and use (TOCTOU) | File or folder might change state due to access race |
File descriptor exposure to child process | Copied file descriptor used in multiple processes |
File manipulation after chroot without chdir | Path-related vulnerabilities for file manipulated after
call to chroot |
Inappropriate I/O operation on device files | Operation can result in security vulnerabilities or a system failure |
Unsafe call to a system function | Unsanitized command argument has exploitable vulnerabilities |
Use of non-secure temporary file | Temporary generated file name not secure |
Vulnerable path manipulation | Path argument with /../, /abs/path/,
or other unsecure elements |
Bad order of dropping privileges | Dropped higher elevated privileges before dropping lower elevated privileges |
Privilege drop not verified | Attacker can gain unintended elevated access to program |
Umask used with chmod-style arguments | Argument to umask allows external user
too much control |
Vulnerable permission assignments | Argument gives read/write/search permissions to external users |
Unsafe standard encryption function | Function is not reentrant or uses a risky encryption algorithm |
Unsafe standard function | Function unsafe for security-related purposes |
Use of dangerous standard function | Dangerous functions cause possible buffer overflow in destination buffer |
Use of obsolete standard function | Obsolete routines can cause security vulnerabilities and portability issues |
LDAP injection | Data read from an untrusted source is used in the construction of an LDAP query (Da R2023a) |
SQL injection | Data read from an untrusted source is used in the construction of an SQL query (Da R2023a) |
Deterministic random output from constant seed | Seeding routine uses a constant seed making the output deterministic |
Predictable random output from predictable seed | Seeding routine uses a predictable seed making the output predictable |
Vulnerable pseudo-random number generator | Using a cryptographically weak pseudo-random number generator |
Critical data
member is not private | A critical data member is declared public (Da R2022a) |
Errno not checked | errno is not checked for error conditions
following function call |
Execution of a binary from a relative path can
be controlled by an external actor | Command with relative path is vulnerable to malicious attack |
Function pointer assigned with absolute
address | Constant expression is used as function address is vulnerable to code injection |
Hard-coded
sensitive data | Sensitive data is exposed in code, for instance as string literals |
Incorrect order of network connection
operations | Socket is not correctly established due to bad order of connection steps or missing steps |
Information leak
via structure padding | Padding bytes can contain sensitive information |
Load of library from a relative path can be
controlled by an external actor | Library loaded with relative path is vulnerable to malicious attacks |
Mismatch between data length and
size | Data size argument is not computed from actual data length |
Missing case for switch
condition | switch variable not covered by cases and default case is
missing |
Misuse of readlink() | Third argument of readlink does not
leave space for null terminator in buffer |
Plain text
password stored in file system | Password stored in files in plain text format (Da R2023b) |
Resource
injection | Data input is not properly restricted before being used as a resource identifier (Da R2024a) |
Returned value of a sensitive function not
checked | Sensitive functions called without checking for unexpected return values and errors |
Sensitive data printed out | Function prints sensitive data |
Sensitive heap memory not cleared before
release | Sensitive data not cleared or released by memory routine |
Uncertain memory
cleaning | The code clears information that might be sensitive from memory but compiler optimization might leave the information untouched (Da R2022a) |
Uncleared sensitive data in
stack | Variable in stack is not cleared and contains sensitive data |
Argomenti
- Bug Finder Defect Groups
The Bug Finder defect checkers are classified into groups such as data flow, concurrency, numerical, and so on.
MATLAB Command
You clicked a link that corresponds to this MATLAB command:
Run the command by entering it in the MATLAB Command Window. Web browsers do not support MATLAB commands.
Seleziona un sito web
Seleziona un sito web per visualizzare contenuto tradotto dove disponibile e vedere eventi e offerte locali. In base alla tua area geografica, ti consigliamo di selezionare: .
Puoi anche selezionare un sito web dal seguente elenco:
Come ottenere le migliori prestazioni del sito
Per ottenere le migliori prestazioni del sito, seleziona il sito cinese (in cinese o in inglese). I siti MathWorks per gli altri paesi non sono ottimizzati per essere visitati dalla tua area geografica.
Americhe
- América Latina (Español)
- Canada (English)
- United States (English)
Europa
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)