Baseline for Ed 2 of tr 24772




Baseline Edition – 3 TR 24772-1


ISO/IEC JTC 1/SC 22/WG23 N068477

Date: 10 January9 September 20176

ISO/IEC TR 24772-1

Edition 3

ISO/IEC JTC 1/SC 22/WG 23

Secretariat: ANSI

Information Technology — Programming languages — Guidance to avoiding vulnerabilities in programming languages

Document type: International standard

Document subtype: if applicable

Document stage: (10) development stage

Document language: E


Introductory element — Main element — Part n: Title of the part

Warning

This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an International Standard.



Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.

Copyright notice

This ISO document is a working draft or committee draft and is copyright-protected by ISO. While the reproduction of working drafts or committee drafts in any form for use by participants in the ISO standards development process is permitted without prior permission from ISO, neither this document nor any extract from it may be reproduced, stored or transmitted in any form for any other purpose without prior written permission from ISO.

Requests for permission to reproduce this document for the purpose of selling it should be addressed as shown below or to ISO’s member body in the country of the requester:

ISO copyright office

Case postale 56, CH-1211 Geneva 20

Tel. + 41 22 749 01 11

Fax + 41 22 749 09 47

E-mail copyright@iso.org

Web www.iso.org

Reproduction for sales purposes may be subject to royalty payments or a licensing agreement.

Violators may be prosecuted.

Contents Page


Foreword 5

Introduction 6

1. Scope 7

2. Normative references 7

3. Terms and definitions, symbols and conventions 8

3.1 Terms and definitions 8

3.2 Symbols and conventions 14

4. Basic concepts 15

4.1 Purpose of this Technical Report 15

4.2 Intended audience 15

4.3 How to use this document 16



5 Vulnerability issues and general avoidance mechanisms 19

5.1 Predictable execution 19

5.2 Sources of unpredictability in language specification 21

5.2.1 Incomplete or evolving specification 21

5.2.2 Undefined behaviour 21

5.2.3 Unspecified behaviour 21

5.2.4 Implementation-defined behaviour 21

5.2.5 Difficult features 22

5.2.6 Inadequate language support 22

5.3 Sources of unpredictability in language usage 22

5.3.1 Porting and interoperation 22

5.3.2 Compiler selection and usage 23

5.4 Top avoidance mechanisms (guidance?) 23

6. Programming Language Vulnerabilities 26

6.1 General 26

6.2 Type System [IHN] 27

6.3 Bit Representations [STR] 31

6.4 Floating-point Arithmetic [PLF] 33

6.5 Enumerator Issues [CCB] 38

6.6 Conversion Errors [FLC] 41

6.7 String Termination [CJM] 44

6.8 Buffer Boundary Violation (Buffer Overflow) [HCB] 46

6.9 Unchecked Array Indexing [XYZ] 50

6.10 Unchecked Array Copying [XYW] 52

6.11 Pointer Type Conversions [HFC] 54

6.12 Pointer Arithmetic [RVG] 56

6.13 Null Pointer Dereference [XYH] 58

6.14 Dangling Reference to Heap [XYK] 59

6.15 Arithmetic Wrap-around Error [FIF] 63

6.16 Using Shift Operations for Multiplication and Division [PIK] 65

6.17 Choice of Clear Names [NAI] 67

6.18 Dead Store [WXQ] 70

6.19 Unused Variable [YZS] 72

6.20 Identifier Name Reuse [YOW] 73

6.21 Namespace Issues [BJL] 77

6.22 Initialization of Variables [LAV] 79

6.23 Operator Precedence and Associativity [JCW] 83

6.24 Side-effects and Order of Evaluation of Operands [SAM] 85

6.25 Likely Incorrect Expression [KOA] 87

6.26 Dead and Deactivated Code [XYQ] 90

6.27 Switch Statements and Static Analysis [CLL] 94

6.28 Demarcation of Control Flow [EOJ] 96

6.29 Loop Control Variables [TEX] 98

6.30 Off-by-one Error [XZH] 100

6.31 Structured Programming [EWD] 102

6.32 Passing Parameters and Return Values [CSJ] 104

6.33 Dangling References to Stack Frames [DCM] 108

6.34 Subprogram Signature Mismatch [OTR] 111

6.35 Recursion [GDL] 114

6.36 Ignored Error Status and Unhandled Exceptions [OYB] 116

6.37 Fault Tolerance and Failure Strategies [REU] 120

6.38 Type-breaking Reinterpretation of Data [AMV] 125

6.39 Deep vs. Shallow Copying [YAN] 128

6.40 Memory Leaks and Heap Fragmentation [XYL] 130

6.41 Templates and Generics [SYM] 133

6.42 Inheritance [RIP] 136

6.43 Violations of the Liskov Substitution Principle or the Contract Model [BLP] 140

6.44 Redispatching [PPH] 142

6.45 Polymorphic variables [BKK] 145

6.46 Extra Intrinsics [LRM] 148

6.47 Argument Passing to Library Functions [TRJ] 150

6.48 Inter-language Calling [DJS] 151

6.49 Dynamically-linked Code and Self-modifying Code [NYY] 154

6.50 Library Signature [NSQ] 156

6.51 Unanticipated Exceptions from Library Routines [HJW] 158

6.52 Pre-processor Directives [NMP] 160

6.53 Suppression of Language-defined Run-time Checking [MXB] 162

6.54 Provision of Inherently Unsafe Operations [SKL] 164

6.55 Obscure Language Features [BRS] 166

6.56 Unspecified Behaviour [BQF] 168

6.57 Undefined Behaviour [EWF] 170

6.58 Implementation-defined Behaviour [FAB] 173

6.59 Deprecated Language Features [MEM] 176

6.60 Concurrency – Activation [CGA] 178

6.61 Concurrency – Directed termination [CGT] 181

6.62 Concurrent Data Access [CGX] 183

6.63 Concurrency – Premature Termination [CGS] 186

6.64 Protocol Lock Errors [CGM] 189

6.65 Reliance on External Format String [SHL] 193



7. Application Vulnerabilities 195

7.1 General 195

7.2 Unrestricted File Upload [CBF] 195

7.3 Download of Code Without Integrity Check [DLB] 197

7.4 Inclusion of Functionality from Untrusted Control Sphere [DHU] 198

7.5 URL Redirection to Untrusted Site ('Open Redirect') [PYQ] 200

7.6 Use of unchecked data from an uncontrolled or tainted source [EFS] 201

7.7 Cross-site Scripting [XYT] 203

7.8 Adherence to Least Privilege [XYN] 207

7.9 Privilege Sandbox Issues [XYO] 208

7.10 Executing or Loading Untrusted Code [XYS] 210

7.11 Missing Required Cryptographic Step [XZS] 212

7.12 Insufficiently Protected Credentials [XYM] 213

7.13 Missing or Inconsistent Access Control [XZN] 214

7.14 Authentication Logic Error [XZO] 215

7.15 Hard-coded Password [XYP] 218

7.16 Sensitive Information Uncleared Before Use [XZK] 220

7.17 Improperly Verified Signature [XZR] 221

7.18 Use of a One-Way Hash without a Salt [MVX] 222

7.19 Inadequately Secure Communication of Shared Resources [CGY] 223

7.20 Memory Locking [XZX] 226

7.21 Resource Exhaustion [XZP] 227

7.22 Time Consumption Measurement [CCM] 229

7.23 Incorrect Authorization [BJE] 231

7.24 Improper Restriction of Excessive Authentication Attempts [WPL] 232

7.25 Unspecified Functionality [BVQ] 233

7.26 Distinguished Values in Data Types [KLK] 235

7.27 Resource Names [HTS] 237

7.28 Injection [RST] 239

7.29 Unquoted Search Path or Element [XZQ] 244

7.30 Discrepancy Information Leak [XZL] 245

7.31 Path Traversal [EWR] 247

7.32 Clock Issues [CCI] 251

7.33 Time Drift and Jitter [CDJ] 255



Annex A
(informative)
Vulnerability Taxonomy and List 258

A.1 General 258

A.2 Outline of Programming Language Vulnerabilities 258

A.3 Outline of Application Vulnerabilities 261

A.4 Vulnerability List 262

Annex B
(informative)
Language Specific Vulnerability Template 267

Bibliography 272



Index 276
