# Inclusion of Functionality from Untrusted Control Sphere (CWE-829)

The product imports, requires, or includes executable functionality from a source that is outside of the intended control sphere.

**Stack:** JavaScript

- Prevalence: 高 頻繁に悪用される
- Impact: ハイ 3 件の重大度ハイのルール
- Prevention: 文書化済み 4 件の修正例

**OWASP:** Vulnerable and Outdated Components (A06:2021-Vulnerable and Outdated Components) - #6

## Description

When software includes functionality from untrusted sources (such as third-party scripts, external modules, or code from untrusted URLs), attackers can inject malicious code that will be executed with the same privileges as the application.

## Prevention

1 件の Shoulder 検出ルールに基づく Inclusion of Untrusted Functionality の予防策。

### JavaScript

Use allowlists for permitted models and verify integrity with checksums

## Warning Signs

- [HIGH] Potential supply chain vulnerability: ...
- [HIGH] potential supply chain vulnerabilities in AI/LLM implementations

## Consequences

- 未承認コードの実行
- アプリケーションデータの読み取り
- アプリケーションデータの変更

## Mitigations

- 信頼できる検証済みのソースからのコードのみを取り込む
- 外部スクリプトには Subresource Integrity (SRI) を使用する
- 実行可能コードのソースを制限するために Content Security Policy (CSP) を導入する

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, yaml, python

## Rules by Language

### Javascript (1 rules)

- **LLM Supply Chain Vulnerabilities** [HIGH]: Detects potential supply chain vulnerabilities in AI/LLM implementations.
OWASP LLM05 - Supply Chain Vulnerabilities.

Supply chain attacks in AI can occur through:
- Loading models from untrusted sources
- Using unverified model weights or configurations
- Third-party plugins/tools without integrity verification
- Compromised training data sources
- Insecure model serialization formats

This rule detects:
- Dynamic model loading from user input
- Models loaded from HTTP (not HTTPS)
- Missing in
  - Remediation: Use allowlists for permitted models and verify integrity with checksums.

```javascript
if (!ALLOWED_MODELS[modelId]) {
  throw new Error('Model not in allowlist');
}
const model = await loadVerifiedModel(modelId);
```

Learn more: https://shoulder.dev/learn/javascript/cwe-829/llm-supply-chain

### Typescript (1 rules)

- **LLM Supply Chain Vulnerabilities** [HIGH]: Detects potential supply chain vulnerabilities in AI/LLM implementations.
OWASP LLM05 - Supply Chain Vulnerabilities.

Supply chain attacks in AI can occur through:
- Loading models from untrusted sources
- Using unverified model weights or configurations
- Third-party plugins/tools without integrity verification
- Compromised training data sources
- Insecure model serialization formats

This rule detects:
- Dynamic model loading from user input
- Models loaded from HTTP (not HTTPS)
- Missing in
  - Remediation: Use allowlists for permitted models and verify integrity with checksums.

```javascript
if (!ALLOWED_MODELS[modelId]) {
  throw new Error('Model not in allowlist');
}
const model = await loadVerifiedModel(modelId);
```

Learn more: https://shoulder.dev/learn/javascript/cwe-829/llm-supply-chain