Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality from a source that is outside of the intended control sphere.
When software includes functionality from untrusted sources (such as third-party scripts, external modules, or code from untrusted URLs), attackers can inject malicious code that will be executed with the same privileges as the application.
Cómo corregir esta vulnerabilidad
Estrategias de prevención para Inclusion of Untrusted Functionality basadas en 4 reglas de detección de Shoulder.
Use an allowlist for permitted models, verify integrity with checksums, and load models over HTTPS only
- func handler(w http.ResponseWriter, r *http.Request) { - modelPath := r.FormValue("model") - model, _ := loadModel(modelPath) - resp, _ := http.Get("http://example.com/model.onnx") + var allowedModels = map[string]string{ + "sentiment": "https://models.example.com/sentiment-v2.onnx", + "classify": "https://models.example.com/classify-v1.onnx", + } + + func handler(w http.ResponseWriter, r *http.Request) { + modelID := r.FormValue("model") + url, ok := allowedModels[modelID] + if !ok { + http.Error(w, "invalid model", http.StatusBadRequest) + return + } + data, _ := downloadModel(url) + if !verifyChecksum(data, expectedChecksums[modelID]) { + return fmt.Errorf("checksum verification failed") + } + model, _ := loadModel(data) }
Use allowlists for permitted models and verify integrity with checksums
- app.post('/predict', async (req, res) => { - const model = await loadModel(req.body.modelId); + const ALLOWED_MODELS = { 'sentiment-v1': true, 'classify-v2': true }; + + app.post('/predict', async (req, res) => { + if (!ALLOWED_MODELS[req.body.modelId]) { + return res.status(400).json({ error: 'Model not allowed' }); + } + const model = await loadVerifiedModel(req.body.modelId); const result = await model.predict(req.body.input); });
Pin container images to specific version tags or SHA digests for reproducible deployments
apiVersion: v1 kind: Pod spec: containers: - name: app - image: nginx:latest + image: nginx:1.25.3-alpine
Use weights_only=True with torch.load, avoid trust_remote_code=True, and maintain a model allowlist
import torch from transformers import AutoModel - - model = torch.load('model.pt') - nlp_model = AutoModel.from_pretrained('custom/model', trust_remote_code=True) + from safetensors.torch import load_model + + # Safe: weights_only prevents arbitrary code execution + model = torch.load('model.pt', weights_only=True) + + # Even safer: use SafeTensors format + load_model(model, 'model.safetensors') + + # Allowlist for HuggingFace models + ALLOWED_MODELS = ['bert-base-uncased', 'distilbert-base-uncased'] + model_id = request.json['model'] + if model_id not in ALLOWED_MODELS: + raise ValueError('Model not in allowlist') + nlp_model = AutoModel.from_pretrained(model_id)
Encuentra vulnerabilidades en tu código
Usa Shoulder para escanear tu código en busca de patrones Inclusion of Functionality from Untrusted Control Sphere. 4 reglas.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=829 # Or scan entire project npx @shoulderdev/cli trust .
Reglas de Detección (4)
Qué buscar en las revisiones de código
Estos patrones indican vulnerabilidades potenciales de Inclusion of Functionality from Untrusted Control Sphere. Búscalos durante las revisiones de código y auditorías de seguridad.
Escanea tu base de código para Inclusion of Functionality from Untrusted Control Sphere
Shoulder CLI encuentra patrones vulnerables en toda tu base de código.