Usage of Trusted and Untrusted Data inside the same Data Structure
Rule ID: java_lang_trust_boundary_violation
Applicable Languages: Java
Weakness ID: CWE-501
Combining trusted and untrusted data within a single data structure presents a serious security risk. This practice can lead to untrusted data being mistakenly treated as reliable, potentially resulting in security vulnerabilities.
Do not combine trusted and untrusted data in the same data structure. Keeping them separate ensures that untrusted data does not inadvertently acquire the same level of trust as verified data.
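The following sketch is an added example, not code from this rule's documentation. It contrasts the mixed pattern with a separated one. It assumes Java 16+ for records; the `session` map is a stand-in for a server-side session store, and the `theme` parameter and all class and method names are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;

public class TrustBoundaryExample {
    // Stand-in for a server-side session store (assumption for this example).
    static final Map<String, Object> session = new HashMap<>();

    // Mixed pattern: a raw request value is stored next to server-set values,
    // so later readers of the map cannot tell which entries were verified.
    static void mixed(String verifiedUser, String rawThemeParam) {
        session.put("user", verifiedUser);    // trusted: set after authentication
        session.put("theme", rawThemeParam);  // untrusted: copied straight from the request
    }

    // Separated pattern: untrusted input has its own type and can only enter
    // the trusted structure through an explicit validation step.
    record Untrusted(String raw) {}
    record Trusted(String user, String theme) {}

    // Allow-list of accepted values (constructed for this example).
    static final Pattern THEME = Pattern.compile("^(light|dark)$");

    static Optional<Trusted> promote(String verifiedUser, Untrusted themeParam) {
        String raw = themeParam.raw();
        if (raw == null || !THEME.matcher(raw).matches()) {
            return Optional.empty();          // rejected input never reaches trusted state
        }
        return Optional.of(new Trusted(verifiedUser, raw));
    }

    public static void main(String[] args) {
        // Sample inputs below are constructed for illustration.
        mixed("alice", "unchecked-value");
        System.out.println("mixed session: " + session);
        System.out.println("validated:     " + promote("alice", new Untrusted("dark")));
        System.out.println("rejected:      " + promote("alice", new Untrusted("unchecked-value")));
    }
}
```

Because `Trusted` can only be built through `promote`, code that receives a `Trusted` value does not need to guess whether its fields were checked.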
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our