# Usage of Trusted and Untrusted Data inside the same Data Structure

## Overview

* **Rule ID**: `java_lang_trust_boundary_violation`
* **Applicable Languages**: Java
* **Weakness ID**: CWE-501

## Description

Combining trusted and untrusted data within a single data structure is a serious security risk because it blurs the trust boundary between the two. Code that later reads from the structure cannot tell which values were verified, so untrusted data can be mistakenly treated as reliable, resulting in security vulnerabilities.

## Remediation Guidelines

* **Do not** combine trusted and untrusted data in the same data structure. Keeping them separate ensures that untrusted data does not inadvertently acquire the same level of trust as verified data.
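The guideline above, shown as an added example that is not part of the original rule documentation: a mixed structure beside a separated design. The class, method, and field names are hypothetical, a plain `Map` stands in for a session object, and the request parameters are constructed sample input. It requires Java 16 or later for records.

```java
import java.util.HashMap;
import java.util.Map;

public class TrustBoundaryExample {

    // Vulnerable: request parameters (untrusted) are copied into the same map
    // that holds server-set session attributes (trusted).
    static Map<String, Object> mixedSession(Map<String, String> requestParams) {
        Map<String, Object> session = new HashMap<>();
        session.put("role", "user");      // set by the server after login
        session.putAll(requestParams);    // untrusted keys can overwrite "role"
        return session;
    }

    // Hardened: trusted session state is an immutable, typed record that only
    // server-side code constructs; request data stays in its own structure.
    record TrustedSession(String userId, String role) {}

    record UntrustedRequest(Map<String, String> params) {
        // A value leaves this wrapper only after explicit validation.
        String validatedDisplayName() {
            String v = params.getOrDefault("displayName", "");
            if (!v.matches("[A-Za-z0-9 _-]{1,32}")) {
                throw new IllegalArgumentException("invalid displayName");
            }
            return v;
        }
    }

    // Authorization decisions read only from the trusted structure.
    static boolean isAdmin(TrustedSession s) {
        return "admin".equals(s.role());
    }

    public static void main(String[] args) {
        // Constructed sample request: the client adds an unexpected "role" parameter.
        Map<String, String> params = Map.of("displayName", "alice", "role", "admin");

        Map<String, Object> mixed = mixedSession(params);
        System.out.println("mixed structure role = " + mixed.get("role"));

        TrustedSession session = new TrustedSession("u-1001", "user");
        UntrustedRequest request = new UntrustedRequest(params);
        System.out.println("separated isAdmin = " + isAdmin(session));
        System.out.println("validated name = " + request.validatedDisplayName());
    }
}
```

In the mixed version the value later read as `role` comes from the client. In the separated version the request data has no path into `TrustedSession`, so the role set by the server is the only one an authorization check can see.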

## References

* [**CWE-501: Trust Boundary Violation**](https://cwe.mitre.org/data/definitions/501.html)
* [**OWASP Top 10: A04:2021 - Insecure Design**](https://owasp.org/Top10/A04_2021-Insecure_Design/)

## Configuration

To omit this rule during a scan, and for continuous 24/7 code-level scanning, use our [**SAST TOOL**](https://scopy.sec1.io/login).
