# Inclusion of Functionality from Untrusted Control Sphere (CWE-829)

The product imports, requires, or includes executable functionality from a source that is outside of the intended control sphere.

**Stack:** Python

- Prevalence: High (frequently exploited)
- Impact: High (3 high-severity rules)
- Prevention: Documented (4 fix examples)

**OWASP:** Vulnerable and Outdated Components (A06:2021-Vulnerable and Outdated Components) - #6

## Description

When software includes functionality from untrusted sources (such as third-party scripts, external modules, or code fetched from untrusted URLs), an attacker who controls that source can inject malicious code that executes with the same privileges as the application.

## Prevention

Prevention strategies for Inclusion of Untrusted Functionality, based on 1 Shoulder detection rule.

### Python

Use `weights_only=True` with `torch.load`, avoid `trust_remote_code=True`, and maintain a model allowlist.

## Warning Signs

- [HIGH] Potential supply chain vulnerability: ...
- [HIGH] Potential supply chain vulnerabilities in AI/LLM implementations

## Consequences

- Execution of unauthorized code
- Reading of application data
- Modification of application data

## Mitigations

- Only include code from trusted, verified sources
- Use Subresource Integrity (SRI) for external scripts
- Deploy a Content Security Policy (CSP) to restrict the sources of executable code

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, yaml, python

## Rules by Language

### Python (1 rule)

- **LLM Supply Chain Vulnerabilities** [HIGH]: Detects potential supply chain vulnerabilities in AI/LLM implementations. OWASP LLM05 - Supply Chain Vulnerabilities.
Supply chain attacks in AI can occur through:

- Loading models from untrusted sources
- Using pickle for model serialization (RCE risk)
- `trust_remote_code=True` in HuggingFace
- Compromised training data sources
- Third-party plugins without verification

Remediation: Use `weights_only=True` with `torch.load()` or the SafeTensors format.

```python
import torch
from safetensors.torch import load_model

model = MyModel()  # placeholder: the nn.Module architecture the weights belong to

# Safe: weights_only=True restricts unpickling to tensors and plain containers,
# so a tampered checkpoint cannot run arbitrary code during torch.load()
state_dict = torch.load('model.pt', weights_only=True)
model.load_state_dict(state_dict)

# Even safer: SafeTensors stores raw tensors with no pickle step at all
load_model(model, 'model.safetensors')
```

Learn more: https://shoulder.dev/learn/python/cwe-829/llm-supply-chain
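As an added example (not Shoulder's rule engine and not code from the page), a small stdlib-only AST checker in the spirit of the rule above: it flags `torch.load()` calls that lack a literal `weights_only=True` (absent, `False`, or a variable all count as unverified) and any call passing `trust_remote_code=True`. The `SAMPLE` source it scans is constructed for the demonstration.

```python
import ast
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    detail: str

def _dotted_name(node: ast.AST) -> str:
    """Render the callee of a call as 'pkg.attr' (empty for anything else)."""
    if isinstance(node, ast.Attribute):
        return f"{_dotted_name(node.value)}.{node.attr}"
    return node.id if isinstance(node, ast.Name) else ""

def _literal_bool_kwarg(call: ast.Call, name: str) -> Optional[bool]:
    """True/False if the keyword is a literal bool; None if absent or non-literal."""
    for kw in call.keywords:
        if kw.arg == name and isinstance(kw.value, ast.Constant) and isinstance(kw.value.value, bool):
            return kw.value.value
    return None

def scan_source(src: str) -> list[Finding]:
    """Flag torch.load() without a literal weights_only=True and any trust_remote_code=True."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ast.Call):
            continue
        callee = _dotted_name(node.func)
        # Absent, False, or a non-literal value all count: only a literal True is verifiably safe.
        if callee == "torch.load" and _literal_bool_kwarg(node, "weights_only") is not True:
            findings.append(Finding(node.lineno, "CWE-829/torch.load",
                                    "weights_only=True not set; a tampered pickle may run on load"))
        if _literal_bool_kwarg(node, "trust_remote_code") is True:
            findings.append(Finding(node.lineno, "CWE-829/trust_remote_code",
                                    f"{callee} will import and run code shipped with the model repo"))
    return sorted(findings, key=lambda f: f.line)

# Constructed sample input: lines 4 and 5 should be flagged, 6 is safe, 7 trusts remote code.
SAMPLE = """import torch
from transformers import AutoModel

m1 = torch.load("model.pt")
m2 = torch.load("model.pt", weights_only=False)
m3 = torch.load("model.pt", weights_only=True)
m4 = AutoModel.from_pretrained("org/repo", trust_remote_code=True)
"""
```

Running `scan_source(SAMPLE)` returns findings for lines 4, 5 and 7. The checker matches only the fully dotted `torch.load` spelling; an aliased import (`from torch import load`) would need name resolution that this example leaves out.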