Usage of Trusted and Untrusted Data inside the same Data Structure
Overview
Rule ID: java_lang_trust_boundary_violation
Applicable Languages: Java
Weakness ID: CWE-501
Description
Combining trusted and untrusted data within a single data structure presents a serious security risk. This practice can lead to untrusted data being mistakenly treated as reliable, potentially resulting in security vulnerabilities.
Remediation Guidelines
Do not combine trusted and untrusted data in the same data structure. Keeping them separate ensures that untrusted data does not inadvertently acquire the same level of trust as verified data.
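The following sketch is an added example, not code from this rule's documentation. It shows the pattern next to a separated form, using a plain `Map` as a stand-in for a server-side session. Every class, method, attribute name and sample value in it is hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added illustration; all names and sample values are hypothetical.
public class TrustBoundaryExample {
    // Stand-in for a server-side session: later code treats its contents as trusted.
    static final Map<String, String> session = new HashMap<>();
    static final Set<String> ALLOWED_LANGS = Set.of("en", "de", "fr");

    // Violation: a raw request parameter is stored next to server-set state,
    // so later readers of "role" cannot tell that it was never verified.
    static void loginMixed(String authenticatedUser, Map<String, String> requestParams) {
        session.put("user", authenticatedUser);          // trusted: set after authentication
        session.put("role", requestParams.get("role"));  // untrusted: supplied by the client
    }

    // Separated: untrusted input lives in its own type and never shares a
    // structure with trusted state unless it passes an explicit check.
    record UntrustedInput(Map<String, String> params) {}

    static void loginSeparated(String authenticatedUser, UntrustedInput input,
                               Map<String, String> serverRoleStore) {
        session.put("user", authenticatedUser);
        // Security-relevant value comes from the authoritative server-side store.
        session.put("role", serverRoleStore.getOrDefault(authenticatedUser, "viewer"));
        // Validated crossing: only allowlisted values enter the trusted structure.
        String lang = input.params().get("lang");
        session.put("lang", lang != null && ALLOWED_LANGS.contains(lang) ? lang : "en");
    }

    public static void main(String[] args) {
        // Constructed sample request and role store.
        Map<String, String> params = Map.of("role", "admin", "lang", "xx");
        Map<String, String> roles = Map.of("alice", "editor");

        loginMixed("alice", params);
        System.out.println("mixed:     " + session);

        session.clear();
        loginSeparated("alice", new UntrustedInput(params), roles);
        System.out.println("separated: " + session);
    }
}
```

In the mixed version the session ends up holding the role named in the request; in the separated version the role comes from the server-side store and the unrecognized language value is replaced by the default.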
References
Configuration
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL