Inclusion of Functionality from Untrusted Control Sphere

Detected by 4 rules


The product imports, requires, or includes executable functionality from a source that is outside of the intended control sphere.

When software includes functionality from untrusted sources (such as third-party scripts, external modules, or code from untrusted URLs), attackers can inject malicious code that will be executed with the same privileges as the application.
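The defence the fix examples on this page recommend (an allowlist of model identifiers mapped to pinned HTTPS sources, plus a digest check before anything is loaded) written out as one self-contained example. This is added illustration, not code from the original page or from Shoulder; the model ids, URLs, artifact bytes and digests are constructed for the example, and `fetch` stands in for a real HTTPS download.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict


class UntrustedModelError(Exception):
    """Raised when a model request fails the allowlist, transport or integrity check."""


@dataclass(frozen=True)
class ModelEntry:
    url: str      # pinned download location; must be HTTPS
    sha256: str   # hex digest recorded when the artifact was published


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for real model artifacts (hypothetical URLs, fake bytes).
SAMPLE_ARTIFACTS: Dict[str, bytes] = {
    "https://models.example.com/sentiment-v2.onnx": b"ONNX:sentiment-v2:weights",
    "https://models.example.com/classify-v1.onnx": b"ONNX:classify-v1:weights",
}

# Allowlist keyed by the identifier a client may send. The digests are computed
# here from the constructed artifacts; in a real deployment they come from a
# release manifest, never from the server that serves the artifact.
ALLOWED_MODELS: Dict[str, ModelEntry] = {
    "sentiment": ModelEntry(
        "https://models.example.com/sentiment-v2.onnx",
        sha256_hex(SAMPLE_ARTIFACTS["https://models.example.com/sentiment-v2.onnx"]),
    ),
    "classify": ModelEntry(
        "https://models.example.com/classify-v1.onnx",
        sha256_hex(SAMPLE_ARTIFACTS["https://models.example.com/classify-v1.onnx"]),
    ),
}


def fetch_verified_model(model_id: str, fetch: Callable[[str], bytes]) -> bytes:
    """Return the artifact bytes for model_id, or raise UntrustedModelError.

    The client-supplied id is only ever used as a dictionary key: it never
    becomes part of a path or URL, so it cannot steer the download elsewhere.
    """
    if not isinstance(model_id, str):
        raise UntrustedModelError("model id must be a string")
    entry = ALLOWED_MODELS.get(model_id)
    if entry is None:
        raise UntrustedModelError(f"model {model_id!r} is not in the allowlist")
    if not entry.url.startswith("https://"):
        raise UntrustedModelError(f"refusing non-HTTPS model source {entry.url}")
    data = fetch(entry.url)
    # Constant-time comparison of the hex digests; a mismatch means the artifact
    # differs from what was published, so it must not be loaded.
    if not hmac.compare_digest(sha256_hex(data), entry.sha256):
        raise UntrustedModelError(f"integrity check failed for {model_id!r}")
    return data


def outcome(model_id: str, fetch: Callable[[str], bytes]) -> str:
    """Convenience wrapper: 'ok' on success, otherwise the rejection reason."""
    try:
        fetch_verified_model(model_id, fetch)
        return "ok"
    except UntrustedModelError as exc:
        return str(exc)


def sample_fetch(url: str) -> bytes:
    """Stands in for an HTTPS download that returns the published bytes."""
    return SAMPLE_ARTIFACTS[url]


def tampered_fetch(url: str) -> bytes:
    """Stands in for a download whose content was altered in transit or at rest."""
    return SAMPLE_ARTIFACTS[url] + b"\x00"


if __name__ == "__main__":
    print(outcome("sentiment", sample_fetch))      # ok
    print(outcome("sentiment", tampered_fetch))    # integrity check failed for 'sentiment'
    print(outcome("unknown-model", sample_fetch))  # model 'unknown-model' is not in the allowlist
```

The important design choice is that the request parameter selects an entry in a server-side table and nothing more: the URL and the expected digest both come from that table, so a client cannot point the application at a source outside its control sphere, and a modified artifact fails the digest comparison before any loader sees it.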

Prevalence: Frequently exploited
Impact: High (3 high-severity rules)
Prevention: Documented (4 fix examples)

How to fix this vulnerability

Prevention of Inclusion of Untrusted Functionality, based on the 4 Shoulder detection rules.

LLM Supply Chain Vulnerabilities HIGH

Use an allowlist for permitted models, verify integrity with checksums, and load models over HTTPS only

+17 -4 go
- func handler(w http.ResponseWriter, r *http.Request) {
-     modelPath := r.FormValue("model")
-     model, _ := loadModel(modelPath)
-     resp, _ := http.Get("http://example.com/model.onnx")
+ var allowedModels = map[string]string{
+     "sentiment": "https://models.example.com/sentiment-v2.onnx",
+     "classify":  "https://models.example.com/classify-v1.onnx",
+ }
+ 
+ func handler(w http.ResponseWriter, r *http.Request) {
+     modelID := r.FormValue("model")
+     url, ok := allowedModels[modelID]
+     if !ok {
+         http.Error(w, "invalid model", http.StatusBadRequest)
+         return
+     }
+     data, _ := downloadModel(url)
+     if !verifyChecksum(data, expectedChecksums[modelID]) {
+         return fmt.Errorf("checksum verification failed")
+     }
+     model, _ := loadModel(data)
  }
  
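Review bot: the checksum-failure branch does `return fmt.Errorf("checksum verification failed")` inside an `http.HandlerFunc`, which has no return value, so the fixed handler does not compile; respond with `http.Error(w, "model integrity check failed", http.StatusInternalServerError)` and a bare `return`, as the invalid-model branch already does. The errors from `downloadModel` and `loadModel` are still discarded with `_`, so a failed or partial download would reach `verifyChecksum` with whatever bytes came back; check both. `expectedChecksums` is also used but never defined in the hunk: keep the pinned URL and the pinned digest together in one struct per model id next to `allowedModels`, so the two cannot drift apart.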
LLM Supply Chain Vulnerabilities HIGH

Use allowlists for permitted models and verify integrity with checksums

+7 -2 javascript
- app.post('/predict', async (req, res) => {
-   const model = await loadModel(req.body.modelId);
+ const ALLOWED_MODELS = { 'sentiment-v1': true, 'classify-v2': true };
+ 
+ app.post('/predict', async (req, res) => {
+   if (!ALLOWED_MODELS[req.body.modelId]) {
+     return res.status(400).json({ error: 'Model not allowed' });
+   }
+   const model = await loadVerifiedModel(req.body.modelId);
    const result = await model.predict(req.body.input);
  });
  
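Review bot: `ALLOWED_MODELS[req.body.modelId]` on a plain object is also truthy for inherited property names such as `constructor` or `toString`, so an id that is not in the list can still pass this check. Use a `Set` and `ALLOWED_MODELS.has(req.body.modelId)`, or `Object.hasOwn(ALLOWED_MODELS, req.body.modelId)`, and confirm `modelId` is a string first since `req.body` is client-controlled JSON. `loadVerifiedModel` is not shown; the hunk should say what it verifies (digest against a pinned value, HTTPS-only source) so the fix can actually be reviewed.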
Container Using Latest Tag MEDIUM

Pin container images to specific version tags or SHA digests for reproducible deployments

+1 -1 yaml
  apiVersion: v1
  kind: Pod
  spec:
    containers:
    - name: app
-     image: nginx:latest
+     image: nginx:1.25.3-alpine
  
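Review bot: pinning to `nginx:1.25.3-alpine` satisfies the rule, but a tag is mutable and can be re-pushed, so the deployment is still not strictly reproducible; the summary above mentions SHA digests, and the hunk would match it with `image: nginx:1.25.3-alpine@sha256:<digest-from-registry>` (placeholder, take the value from `docker manifest inspect` or the registry). Keeping the human-readable tag in front of the digest preserves the version for reviewers while the digest is what the runtime enforces.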
LLM Supply Chain Vulnerabilities HIGH

Use weights_only=True with torch.load, avoid trust_remote_code=True, and maintain a model allowlist

+14 -3 python
  import torch
  from transformers import AutoModel
- 
- model = torch.load('model.pt')
- nlp_model = AutoModel.from_pretrained('custom/model', trust_remote_code=True)
+ from safetensors.torch import load_model
+ 
+ # Safe: weights_only prevents arbitrary code execution
+ model = torch.load('model.pt', weights_only=True)
+ 
+ # Even safer: use SafeTensors format
+ load_model(model, 'model.safetensors')
+ 
+ # Allowlist for HuggingFace models
+ ALLOWED_MODELS = ['bert-base-uncased', 'distilbert-base-uncased']
+ model_id = request.json['model']
+ if model_id not in ALLOWED_MODELS:
+     raise ValueError('Model not in allowlist')
+ nlp_model = AutoModel.from_pretrained(model_id)
  
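Review bot: `load_model(model, 'model.safetensors')` from `safetensors.torch` loads weights into an existing `torch.nn.Module`, but `model` here is whatever `torch.load('model.pt', weights_only=True)` returned, which under that flag is a state dict of tensors, not a module, so the "even safer" line fails at runtime. Instantiate the module class first (`model = MyNet()`) and then call `load_model(model, 'model.safetensors')`, or use `safetensors.torch.load_file` to obtain a state dict. `request` is undefined in this snippet (it reads like Flask's `from flask import request`); add the import or state the assumed framework. `weights_only=True` also needs a torch version that supports it (added in 1.13, the default from 2.6), so pin the dependency accordingly.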
3 detections

Find vulnerabilities in your code

Scan your code for Inclusion of Functionality from Untrusted Control Sphere patterns with Shoulder. 4 rules.

Terminal
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=829

# Or scan entire project
npx @shoulderdev/cli trust .

Detection rules (4)

4 warning signs

What to look for in code review

These patterns indicate potential Inclusion of Functionality from Untrusted Control Sphere vulnerabilities. Look for them during code review and security audits.

🟠 Potential supply chain vulnerability: ... (rule: go-llm-supply-chain)
🟠 supply chain vulnerabilities in AI/LLM implementations such as untrusted model sources or dynamic mo (rule: go-llm-supply-chain)
🟠 potential supply chain vulnerabilities in AI/LLM implementations (rule: javascript-llm-supply-chain)
🟡 Container image uses 'latest' tag or no tag. (rule: kubernetes-image-latest-tag)
🟡 container images using 'latest' tag or no tag (rule: kubernetes-image-latest-tag)

Scan your codebase: Inclusion of Functionality from Untrusted Control Sphere

The Shoulder CLI finds vulnerable patterns across your entire codebase.