Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality from a source that is outside of the intended control sphere.
When software includes functionality from untrusted sources (such as third-party scripts, external modules, or code from untrusted URLs), attackers can inject malicious code that will be executed with the same privileges as the application.
Comment corriger cette vulnérabilité
Stratégies de prévention pour Inclusion of Untrusted Functionality basées sur 4 règles de détection Shoulder.
Use an allowlist for permitted models, verify integrity with checksums, and load models over HTTPS only
- func handler(w http.ResponseWriter, r *http.Request) { - modelPath := r.FormValue("model") - model, _ := loadModel(modelPath) - resp, _ := http.Get("http://example.com/model.onnx") + var allowedModels = map[string]string{ + "sentiment": "https://models.example.com/sentiment-v2.onnx", + "classify": "https://models.example.com/classify-v1.onnx", + } + + func handler(w http.ResponseWriter, r *http.Request) { + modelID := r.FormValue("model") + url, ok := allowedModels[modelID] + if !ok { + http.Error(w, "invalid model", http.StatusBadRequest) + return + } + data, _ := downloadModel(url) + if !verifyChecksum(data, expectedChecksums[modelID]) { + return fmt.Errorf("checksum verification failed") + } + model, _ := loadModel(data) }
Use allowlists for permitted models and verify integrity with checksums
- app.post('/predict', async (req, res) => { - const model = await loadModel(req.body.modelId); + const ALLOWED_MODELS = { 'sentiment-v1': true, 'classify-v2': true }; + + app.post('/predict', async (req, res) => { + if (!ALLOWED_MODELS[req.body.modelId]) { + return res.status(400).json({ error: 'Model not allowed' }); + } + const model = await loadVerifiedModel(req.body.modelId); const result = await model.predict(req.body.input); });
Pin container images to specific version tags or SHA digests for reproducible deployments
apiVersion: v1 kind: Pod spec: containers: - name: app - image: nginx:latest + image: nginx:1.25.3-alpine
Use weights_only=True with torch.load, avoid trust_remote_code=True, and maintain a model allowlist
import torch from transformers import AutoModel - - model = torch.load('model.pt') - nlp_model = AutoModel.from_pretrained('custom/model', trust_remote_code=True) + from safetensors.torch import load_model + + # Safe: weights_only prevents arbitrary code execution + model = torch.load('model.pt', weights_only=True) + + # Even safer: use SafeTensors format + load_model(model, 'model.safetensors') + + # Allowlist for HuggingFace models + ALLOWED_MODELS = ['bert-base-uncased', 'distilbert-base-uncased'] + model_id = request.json['model'] + if model_id not in ALLOWED_MODELS: + raise ValueError('Model not in allowlist') + nlp_model = AutoModel.from_pretrained(model_id)
Trouvez les vulnérabilités dans votre code
Utilisez Shoulder pour scanner votre code à la recherche de patterns Inclusion of Functionality from Untrusted Control Sphere. 4 règles.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=829 # Or scan entire project npx @shoulderdev/cli trust .
Règles de Détection (4)
Ce qu'il faut surveiller lors des revues de code
Ces patterns indiquent des vulnérabilités potentielles Inclusion of Functionality from Untrusted Control Sphere. Recherchez-les lors des revues de code et des audits de sécurité.
Scannez votre base de code pour Inclusion of Functionality from Untrusted Control Sphere
Shoulder CLI trouve les motifs vulnérables dans toute votre base de code.