Protection Mechanism Failure
The product does not use, or incorrectly uses, a protection mechanism that provides sufficient defense against attacks directed at the product.
This weakness covers three distinct situations: missing a protection mechanism, using a faulty protection mechanism, or incorrectly applying a protection mechanism. A missing protection mechanism occurs when the application does not defend against a specific attack at all. A faulty protection mechanism occurs when the application does defend against a specific attack, but the protection mechanism is not implemented correctly.
How to fix this vulnerability
Prevention strategies for Protection Mechanism Failure based on 8 Shoulder detection rules.
Add a HEALTHCHECK instruction to enable container health monitoring
FROM node:24-alpine WORKDIR /app COPY . . EXPOSE 3000 + HEALTHCHECK --interval=30s --timeout=10s --retries=3 \ + CMD curl -f http://localhost:3000/health || exit 1 CMD ["node", "server.js"]
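Review bot: the HEALTHCHECK relies on curl, which the node:24-alpine base image does not ship, so the probe fails on every interval and Docker marks the container unhealthy no matter what the app does. Either add `RUN apk add --no-cache curl` before the HEALTHCHECK line or use BusyBox wget, which Alpine does include: `CMD wget -qO- http://localhost:3000/health || exit 1`. The change also assumes server.js serves a /health route; that endpoint is not shown in the diff and should be confirmed, and a `--start-period` would avoid failed probes while Node is still starting.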
Add security headers middleware to Chi router
package main import ( "net/http" "github.com/go-chi/chi/v5" ) - func main() { - r := chi.NewRouter() + func securityHeaders(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("X-Frame-Options", "DENY") + w.Header().Set("X-Content-Type-Options", "nosniff") + w.Header().Set("X-XSS-Protection", "1; mode=block") + next.ServeHTTP(w, r) + }) + } + + func main() { + r := chi.NewRouter() + r.Use(securityHeaders) r.Get("/", homeHandler) http.ListenAndServe(":8080", r) }
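Review bot: the `X-XSS-Protection: 1; mode=block` header is legacy; current browsers ignore it and OWASP now recommends sending `0` (or omitting it) because the old filter could be misused in the browsers that honoured it. The middleware also sets no Content-Security-Policy and no Strict-Transport-Security, which are the headers that actually limit injected scripts and protocol downgrades; consider adding `w.Header().Set("Content-Security-Policy", "default-src 'self'")` tuned to the app's assets, and an HSTS header once the service is served over TLS. Unchanged from the original, `http.ListenAndServe(":8080", r)` returns an error that is still discarded.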
Add Echo Secure middleware to set security HTTP headers
package main - import "github.com/labstack/echo/v4" - - func main() { - e := echo.New() + import ( + "github.com/labstack/echo/v4" + "github.com/labstack/echo/v4/middleware" + ) + + func main() { + e := echo.New() + e.Use(middleware.SecureWithConfig(middleware.SecureConfig{ + XFrameOptions: "DENY", + ContentTypeNosniff: "nosniff", + XSSProtection: "1; mode=block", + ContentSecurityPolicy: "default-src 'self'", + })) e.GET("/", homeHandler) e.Start(":8080") }
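Review bot: `ContentSecurityPolicy: "default-src 'self'"` blocks inline scripts and styles and every asset loaded from another origin, so any page that relies on those breaks once this lands; roll it out with `CSPReportOnly: true` first or confirm the templates comply. The config leaves `HSTSMaxAge` at zero, so no Strict-Transport-Security header is sent; set it when the service sits behind TLS. As in the original, `e.Start(":8080")` returns an error that is not checked.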
Add Fiber Helmet middleware to set security HTTP headers
package main - import "github.com/gofiber/fiber/v2" - - func main() { - app := fiber.New() + import ( + "github.com/gofiber/fiber/v2" + "github.com/gofiber/fiber/v2/middleware/helmet" + ) + + func main() { + app := fiber.New() + app.Use(helmet.New()) app.Get("/", homeHandler) app.Listen(":3000") }
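Review bot: `helmet.New()` with no config sends neither Content-Security-Policy nor Strict-Transport-Security, so the two headers most relevant to this weakness are still missing after the change; pass `helmet.New(helmet.Config{ContentSecurityPolicy: "default-src 'self'", HSTSMaxAge: 31536000})` and adjust the policy to what the app actually loads. `app.Listen(":3000")` still returns an error that is ignored.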
Add Helmet middleware to set security headers automatically
const express = require('express'); - const app = express(); + const helmet = require('helmet'); + const app = express(); + + app.use(helmet()); app.get('/', (req, res) => { res.send('<h1>Hello</h1>'); });
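Review bot: `helmet()` with defaults sends a Content-Security-Policy that only permits same-origin scripts and blocks inline `<script>` blocks; the plain `<h1>` response shown here is unaffected, but any page with inline or third-party scripts needs the policy tuned via `helmet({ contentSecurityPolicy: { directives: { ... } } })` rather than disabled. The diff introduces a new dependency, so `helmet` must also be added to package.json; the excerpt ends before `app.listen`, so that part of the file is not visible for review.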
Find vulnerabilities in your code
Use Shoulder to scan your code for Protection Mechanism Failure patterns. 8 rules.
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=693
# Or scan the entire project
npx @shoulderdev/cli trust .
Detection Rules (8)
What to look for in code reviews
These patterns indicate potential Protection Mechanism Failure vulnerabilities. Look for them during code reviews and security audits.
Scan your codebase for Protection Mechanism Failure
Shoulder CLI finds vulnerable patterns across your entire codebase.