LiveActive security incident?Get immediate response
CWE Reference

CWE-99: Improper Control of Resource Identifiers… | Glexia

CWE-99 (Improper Control of Resource Identifiers ('Resource Injection')) weakness overview with consequences, detection methods, mitigations, related CVEs and…

Release 4.20weaknessDraft

Glexia's Take · Automated analysis

CWE-99: Insecure Direct Object Reference

Improper Control of Resource Identifiers ('Resource Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.

Executive Impact

  • Confidentiality,Integrity: Read Application Data,Modify Application Data,Read Files or Directories,Modify Files or Directories: An attacker could gain access to or modify sensitive data or system resources. This could allow access to protected files or directories including configuration files and files containing sensitive information.

Developer Pattern

CWE-99 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.

Automation confidence

high confidence from CWE-99, 4.20.

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Official CWE Definition

CWE-99: Improper Control of Resource Identifiers ('Resource Injection')

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

Type
weakness
Abstraction
Class
Status
Draft
Source
MITRE CWE definition

Developer And Remediation Guidance

How teams prevent and detect this weakness

Causes

  • The following Java code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as "../../tomcat/conf/server.xml", which causes the application to delete one of its own configuration files.
  • The following code uses input from the command line to determine which file to open and echo back to the user. If the program runs with privileges and malicious users can create soft links to the file, they can use the program to read the first part of any file on the system. The kind of resource the data affects indicates the kind of content that may be dangerous. For example, data containing special characters like period, slash, and backslash, are risky when used in methods that interact with the file system. (Resource injection, when it is related to file system resources, sometimes goes by the name "path manipulation.") Similarly, data that contains URLs and URIs is risky for functions that create remote connections.

Remediation

  • Use safe APIs
  • Centralize the control
  • Add regression tests
  • Review logs and telemetry for attempted abuse

Detection

  • Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

Mappings

Related CVEs, CWEs, and ATT&CK context