Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality from a source that is outside of the intended control sphere.
When software includes functionality from untrusted sources (such as third-party scripts, external modules, or code from untrusted URLs), attackers can inject malicious code that will be executed with the same privileges as the application.
So behebst du diese Schwachstelle
Präventionsstrategien für Inclusion of Untrusted Functionality basierend auf 4 Shoulder-Erkennungsregeln.
Use an allowlist for permitted models, verify integrity with checksums, and load models over HTTPS only
- func handler(w http.ResponseWriter, r *http.Request) { - modelPath := r.FormValue("model") - model, _ := loadModel(modelPath) - resp, _ := http.Get("http://example.com/model.onnx") + var allowedModels = map[string]string{ + "sentiment": "https://models.example.com/sentiment-v2.onnx", + "classify": "https://models.example.com/classify-v1.onnx", + } + + func handler(w http.ResponseWriter, r *http.Request) { + modelID := r.FormValue("model") + url, ok := allowedModels[modelID] + if !ok { + http.Error(w, "invalid model", http.StatusBadRequest) + return + } + data, _ := downloadModel(url) + if !verifyChecksum(data, expectedChecksums[modelID]) { + return fmt.Errorf("checksum verification failed") + } + model, _ := loadModel(data) }
Use allowlists for permitted models and verify integrity with checksums
- app.post('/predict', async (req, res) => { - const model = await loadModel(req.body.modelId); + const ALLOWED_MODELS = { 'sentiment-v1': true, 'classify-v2': true }; + + app.post('/predict', async (req, res) => { + if (!ALLOWED_MODELS[req.body.modelId]) { + return res.status(400).json({ error: 'Model not allowed' }); + } + const model = await loadVerifiedModel(req.body.modelId); const result = await model.predict(req.body.input); });
Pin container images to specific version tags or SHA digests for reproducible deployments
apiVersion: v1 kind: Pod spec: containers: - name: app - image: nginx:latest + image: nginx:1.25.3-alpine
Use weights_only=True with torch.load, avoid trust_remote_code=True, and maintain a model allowlist
import torch from transformers import AutoModel - - model = torch.load('model.pt') - nlp_model = AutoModel.from_pretrained('custom/model', trust_remote_code=True) + from safetensors.torch import load_model + + # Safe: weights_only prevents arbitrary code execution + model = torch.load('model.pt', weights_only=True) + + # Even safer: use SafeTensors format + load_model(model, 'model.safetensors') + + # Allowlist for HuggingFace models + ALLOWED_MODELS = ['bert-base-uncased', 'distilbert-base-uncased'] + model_id = request.json['model'] + if model_id not in ALLOWED_MODELS: + raise ValueError('Model not in allowlist') + nlp_model = AutoModel.from_pretrained(model_id)
Finden Sie Schwachstellen in Ihrem Code
Verwenden Sie Shoulder, um Ihren Code nach Inclusion of Functionality from Untrusted Control Sphere-Mustern zu scannen. 4 Regeln.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=829 # Or scan entire project npx @shoulderdev/cli trust .
Erkennungsregeln (4)
Worauf bei Code-Reviews zu achten ist
Diese Muster weisen auf potenzielle Inclusion of Functionality from Untrusted Control Sphere-Schwachstellen hin. Achten Sie bei Code-Reviews und Sicherheitsaudits darauf.
Scanne deine Codebasis nach Inclusion of Functionality from Untrusted Control Sphere
Shoulder CLI findet anfällige Muster in deiner gesamten Codebasis.