Business Logic Errors (CWE-840) - Security Vulnerability

Business Logic Errors

The product does not properly implement the business logic rules, which may allow users to manipulate the system in unintended ways.

Business logic errors occur when the application's implementation doesn't correctly enforce the intended business rules. Unlike technical vulnerabilities, these are flaws in the application's design or logic.

普及度

中

3 言語をカバー

影響度

ハイ

3 件の重大度ハイのルール

予防

文書化済み

3 件の修正例

2 予防

この脆弱性の修正方法

3 件の Shoulder 検出ルールに基づく Business Logic Errors の予防策。

🐹 Go すべて表示 Go 詳細 →

Business Logic Bypass HIGH

Calculate financial values server-side from trusted data sources instead of accepting client-submitted totals

+14 -1 go

  package main
  
  import (
      "net/http"
      "strconv"
  )
  
  func checkoutHandler(w http.ResponseWriter, r *http.Request) {
-     total, _ := strconv.ParseFloat(r.FormValue("total"), 64)
+     productID := r.FormValue("product_id")
+     qty, err := strconv.Atoi(r.FormValue("quantity"))
+     if err != nil || qty <= 0 {
+         http.Error(w, "Invalid quantity", http.StatusBadRequest)
+         return
+     }
+ 
+     var product Product
+     if err := db.First(&product, productID).Error; err != nil {
+         http.Error(w, "Product not found", http.StatusNotFound)
+         return
+     }
+ 
+     total := product.Price * float64(qty)
      processPayment(total)
      w.Write([]byte("Payment processed"))
  }

🟨 JavaScript すべて表示 JavaScript 詳細 →

Business Logic Bypass HIGH

Calculate totals and prices server-side using database values instead of client-submitted data

+2 -1 javascript

  app.post('/checkout', async (req, res) => {
-   const { total } = req.body;
+   const product = await Product.findById(req.body.productId);
+   const total = product.price * req.body.quantity;
    await stripe.charges.create({ amount: total, currency: 'usd' });
  });

🐍 Python すべて表示 Python 詳細 →

Business Logic Bypass HIGH

Calculate totals server-side using database prices instead of client-submitted values

+5 -3 python

  from flask import request
  
  @app.route('/checkout', methods=['POST'])
  def checkout():
-     price = float(request.form['price'])
-     quantity = int(request.form['quantity'])
-     stripe.Charge.create(amount=int(price * quantity * 100))
+     item_id = int(request.form['item_id'])
+     quantity = int(request.form['quantity'])
+     product = Product.query.get(item_id)
+     total = product.price * quantity
+     stripe.Charge.create(amount=int(total * 100))

3 検出

コードの脆弱性を見つける

Shoulderを使用してコードのBusiness Logic Errorsパターンをスキャンしましょう。 3 ルール.

ターミナル

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=840

# Or scan entire project
npx @shoulderdev/cli trust .

検出ルール (3)

🐹 Go 1 rules

Business Logic Bypass HIGH

Client-controlled financial values flow to payment operations without server-side calculation.

🟨 Javascript 1 rules

Business Logic Bypass HIGH

Detects client-controlled prices or amounts flowing to payment operations without server-side validation.

🔷 Typescript 1 rules

Business Logic Bypass HIGH

Detects client-controlled prices or amounts flowing to payment operations without server-side validation.

🐍 Python 1 rules

Business Logic Bypass HIGH

Detects client-controlled business-critical values (price, quantity, discount) flowing to payment or business operations without server-side validation.

4 警告サイン

コードレビューで注目すべき点

これらのパターンはBusiness Logic Errorsの潜在的な脆弱性を示しています。コードレビューとセキュリティ監査中に探してください。

🟠

client-controlled prices or amounts flowing to payment operations without server-side validation javascript-business-logic-bypass

🟠

client-controlled business-critical values (price, quantity, discount) flowing to payment or busines python-business-logic-bypass

🔍

コードベースをスキャン: Business Logic Errors

Shoulder CLI はコードベース全体から脆弱なパターンを見つけます。

npx shoulder trust すべてのルールを表示