Protection Mechanism Failure (CWE-693)

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

This weakness covers three distinct situations: Missing a protection mechanism, using a faulty protection mechanism, or incorrectly applying a protection mechanism. A missing protection mechanism occurs when the application does not defend against a specific attack. A faulty protection mechanism occurs when the application does defend against a specific attack, but the protection mechanism is not implemented correctly.

व्यापकता

उच्च

बार-बार शोषित

प्रभाव

उच्च

1 उच्च गंभीरता वाले नियम

रोकथाम

प्रलेखित

8 फिक्स उदाहरण

2 रोकथाम

इस भेद्यता को कैसे ठीक करें

8 Shoulder डिटेक्शन नियमों पर आधारित Protection Mechanism Failure के लिए रोकथाम रणनीतियाँ।

🐳 Docker सब देखें Docker विवरण →

Missing Healthcheck Configuration LOW

Add a HEALTHCHECK instruction to enable container health monitoring

+2 -0 dockerfile

  FROM node:24-alpine
  WORKDIR /app
  COPY . .
  EXPOSE 3000
+ HEALTHCHECK --interval=30s --timeout=10s --retries=3 \
+   CMD curl -f http://localhost:3000/health || exit 1
  CMD ["node", "server.js"]

🐹 Go सब देखें Go विवरण →

Chi Missing Security Headers MEDIUM

Add security headers middleware to Chi router

+12 -2 go

  package main
  
  import (
      "net/http"
      "github.com/go-chi/chi/v5"
  )
  
- func main() {
-     r := chi.NewRouter()
+ func securityHeaders(next http.Handler) http.Handler {
+     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+         w.Header().Set("X-Frame-Options", "DENY")
+         w.Header().Set("X-Content-Type-Options", "nosniff")
+         w.Header().Set("X-XSS-Protection", "1; mode=block")
+         next.ServeHTTP(w, r)
+     })
+ }
+ 
+ func main() {
+     r := chi.NewRouter()
+     r.Use(securityHeaders)
      r.Get("/", homeHandler)
      http.ListenAndServe(":8080", r)
  }

Echo Missing Security Headers MEDIUM

Add Echo Secure middleware to set security HTTP headers

+13 -4 go

  package main
  
- import "github.com/labstack/echo/v4"
- 
- func main() {
-     e := echo.New()
+ import (
+     "github.com/labstack/echo/v4"
+     "github.com/labstack/echo/v4/middleware"
+ )
+ 
+ func main() {
+     e := echo.New()
+     e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
+         XFrameOptions:         "DENY",
+         ContentTypeNosniff:    "nosniff",
+         XSSProtection:         "1; mode=block",
+         ContentSecurityPolicy: "default-src 'self'",
+     }))
      e.GET("/", homeHandler)
      e.Start(":8080")
  }

Fiber Missing Security Headers MEDIUM

Add Fiber Helmet middleware to set security HTTP headers

+8 -4 go

  package main
  
- import "github.com/gofiber/fiber/v2"
- 
- func main() {
-     app := fiber.New()
+ import (
+     "github.com/gofiber/fiber/v2"
+     "github.com/gofiber/fiber/v2/middleware/helmet"
+ )
+ 
+ func main() {
+     app := fiber.New()
+     app.Use(helmet.New())
      app.Get("/", homeHandler)
      app.Listen(":3000")
  }

🟨 JavaScript सब देखें JavaScript विवरण →

Security Headers in Express.js HIGH

Add Helmet middleware to set security headers automatically

+4 -1 javascript

  const express = require('express');
- const app = express();
+ const helmet = require('helmet');
+ const app = express();
+ 
+ app.use(helmet());
  
  app.get('/', (req, res) => {
    res.send('<h1>Hello</h1>');
  });

3 पहचान

अपने कोड में भेद्यताएँ खोजें

Protection Mechanism Failure पैटर्न के लिए अपने कोडबेस को स्कैन करने के लिए Shoulder का उपयोग करें। 8 नियम.

टर्मिनल

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=693

# Or scan entire project
npx @shoulderdev/cli trust .

पहचान नियम (8)

🐹 Go 6 rules

Chi Missing Security Headers MEDIUM

Chi application missing security HTTP headers middleware.

Echo Missing Security Headers MEDIUM

Echo application missing security HTTP headers middleware.

Fiber Missing Security Headers MEDIUM

Fiber application missing security HTTP headers middleware.

Gin Missing Security Headers MEDIUM

Gin application missing security HTTP headers middleware.

Gorilla Missing Security Headers MEDIUM

Gorilla Mux application missing security HTTP headers middleware.

Missing HTTP Security Headers MEDIUM

HTTP responses lack security headers like X-Frame-Options or Content-Security-Policy.

🐳 Dockerfile 1 rules

Missing Healthcheck Configuration LOW

Detects Dockerfiles missing HEALTHCHECK instructions for container monitoring.

🟨 Javascript 1 rules

Security Headers in Express.js HIGH

Detects missing security headers middleware (Helmet) to prevent XSS, clickjacking, and MIME sniffing.

🔷 Typescript 1 rules

Security Headers in Express.js HIGH

Detects missing security headers middleware (Helmet) to prevent XSS, clickjacking, and MIME sniffing.

4 चेतावनी संकेत

कोड समीक्षा में किन बातों पर ध्यान दें

ये पैटर्न संभावित Protection Mechanism Failure भेद्यताओं का संकेत देते हैं। कोड समीक्षा और सुरक्षा ऑडिट के दौरान इन्हें देखें।

🟠

Application lacks security headers middleware (helmet, CSP, HSTS, X-Frame-Options, etc.). Without these headers, the app javascript-express-security-headers

🟠

missing security headers middleware (Helmet) to prevent XSS, clickjacking, and MIME sniffing javascript-express-security-headers

🟡

Gin application missing security headers middleware go-gin-missing-helmet

🟡

Application lacks important security headers go-missing-security-headers

🔵

Dockerfile has no HEALTHCHECK instruction for container health monitoring docker-missing-healthcheck

🔵

Dockerfiles missing HEALTHCHECK instructions for container monitoring docker-missing-healthcheck

🔍

अपने कोडबेस को इसके लिए स्कैन करें: Protection Mechanism Failure

Shoulder CLI आपके पूरे कोडबेस में भेद्य पैटर्न खोजता है।

npx shoulder trust सभी नियम देखें