# Deserialization of Untrusted Data (CWE-502) The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. - Prevalence: 보통 3개 언어 지원 - Impact: 치명적 3개의 치명적 심각도 규칙 - Prevention: 문서화됨 7개의 수정 예시 **OWASP:** Software and Data Integrity Failures (A08:2021-Software and Data Integrity Failures) - #8 ## Description Many programming languages allow the serialization of objects for storage or transmission. When untrusted data is deserialized, it can lead to code execution, denial of service, or other unintended consequences. ## Prevention 7개의 Shoulder 탐지 규칙을 기반으로 한 Deserialization of Untrusted Data 예방 전략. ### Go Use strict typed structs instead of interface{} and avoid gob with untrusted data Validate all training data against strict schemas and apply content moderation before ingestion ### JavaScript Validate training data against schemas and use content moderation before fine-tuning Use JSON.parse() instead of node-serialize, and yaml.SAFE_SCHEMA for YAML parsing ### Python Validate training data with Pydantic schemas and apply content moderation before ingestion Replace pickle/marshal with JSON or other safe serialization formats Use yaml.safe_load() instead of yaml.load() to prevent code execution ## Warning Signs - [HIGH] Untrusted data is deserialized without validation - [HIGH] truly dangerous deserialization in Go - [HIGH] Untrusted data flows to ... without validation - [HIGH] untrusted data flowing into AI/LLM fine-tuning or training processes without validation - [HIGH] untrusted or unvalidated data flowing into AI/LLM fine-tuning or training processes - [CRITICAL] user input flowing to unsafe deserialization functions like node-serialize or yaml - [CRITICAL] untrusted user input being deserialized using unsafe methods like pickle - [CRITICAL] unsafe YAML deserialization using yaml ## Consequences - 승인되지 않은 코드 실행 - DoS: 충돌/종료/재시작 - 애플리케이션 데이터 수정 ## Mitigations - 가능하다면 신뢰할 수 없는 데이터의 역직렬화를 피하세요 - 역직렬화가 필요하다면 JSON처럼 더 안전한 포맷을 사용하세요 - 디지털 서명과 같은 무결성 검사를 구현하세요 - 역직렬화는 낮은 권한 환경에서 격리해 수행하세요 ## Detection - Total rules: 7 - Critical: 3 - Languages: go, javascript, typescript, python ## Rules by Language ### Python (3 rules) - **LLM Training Data Poisoning** [HIGH]: Detects untrusted or unvalidated data flowing into AI/LLM fine-tuning or training processes. OWASP LLM03 - Training Data Poisoning. Training data poisoning can: - Introduce backdoors into model behavior - Bias model outputs maliciously - Embed harmful content that appears in responses - Compromise model accuracy and reliability - Create security vulnerabilities in model behavior - Remediation: Validate training data with Pydantic and use content moderation. ```python from pydantic import BaseModel, validator class TrainingData(BaseModel): examples: list @validator('examples', each_item=True) def validate_example(cls, v): if len(v.get('content', '')) > 4000: raise ValueError('Content too long') return v data = TrainingData(**request.json) moderation = await openai.moderations.create(input=data.json()) ``` Learn more: https://shoulder.dev/learn/python/cwe-502/llm-training-data-poisoning - **Unsafe Deserialization** [CRITICAL]: Detects untrusted user input being deserialized using unsafe methods like pickle.loads() or yaml.load(). - Remediation: Use json.loads() or yaml.safe_load() instead of pickle. ```python import json obj = json.loads(user_data) ``` Learn more: https://shoulder.dev/learn/python/cwe-502/unsafe-deserialization - **Unsafe YAML Deserialization** [CRITICAL]: Detects unsafe YAML deserialization using yaml.load() without SafeLoader. - Remediation: Use yaml.safe_load() instead of yaml.load(). ```python config = yaml.safe_load(yaml_string) ``` Learn more: https://shoulder.dev/learn/python/cwe-502/yaml-deserialization ### Go (2 rules) - **Insecure Deserialization** [HIGH]: Detects truly dangerous deserialization in Go. Unlike Java or Python, Go's encoding/json is safe (data-only parsing, no code execution). This rule focuses on: - gob.Decoder: Can instantiate arbitrary types, potential RCE (CRITICAL) - json/yaml/xml to interface{}: Type confusion risk when combined with untrusted input (MEDIUM) Note: json.Unmarshal to typed structs is NOT flagged as it cannot execute code. - Remediation: Use strict struct types instead of interface{} and validate after unmarshaling. ```go type User struct { Name string `json:"name"` Email string `json:"email"` } var user User if err := json.Unmarshal(input, &user); err != nil { return err } ``` Learn more: https://shoulder.dev/learn/go/cwe-502/unsafe-deserialization - **LLM Training Data Poisoning** [HIGH]: Detects untrusted data flowing into AI/LLM fine-tuning or training processes without validation. - Remediation: Validate all training data against strict schemas before ingestion. ```go if err := validate.Struct(doc); err != nil { return errors.New("validation failed") } ``` Learn more: https://shoulder.dev/learn/go/cwe-502/llm-training-data-poisoning ### Javascript (2 rules) - **LLM Training Data Poisoning** [HIGH]: Detects untrusted or unvalidated data flowing into AI/LLM fine-tuning or training processes. OWASP LLM03 - Training Data Poisoning. Training data poisoning can: - Introduce backdoors into model behavior - Bias model outputs maliciously - Embed harmful content that appears in responses - Compromise model accuracy and reliability - Create security vulnerabilities in model behavior This rule detects: - User-provided data used directly in fine-tuning - External data sources used without validation - Remediation: Validate training data against schemas and use content moderation before fine-tuning. ```javascript if (!validate(trainingData)) { return res.status(400).json({ error: 'Invalid format' }); } await openai.files.create({ file: trainingData, purpose: 'fine-tune' }); ``` Learn more: https://shoulder.dev/learn/javascript/cwe-502/llm-training-data-poisoning - **Unsafe Deserialization** [CRITICAL]: Detects user input flowing to unsafe deserialization functions like node-serialize or yaml.load(). - Remediation: Use JSON.parse() instead of node-serialize, or use yaml.SAFE_SCHEMA for YAML parsing. ```javascript const data = JSON.parse(userInput); // Or for YAML: const config = yaml.load(input, { schema: yaml.SAFE_SCHEMA }); ``` Learn more: https://shoulder.dev/learn/javascript/cwe-502/unsafe-deserialization ### Typescript (2 rules) - **LLM Training Data Poisoning** [HIGH]: Detects untrusted or unvalidated data flowing into AI/LLM fine-tuning or training processes. OWASP LLM03 - Training Data Poisoning. Training data poisoning can: - Introduce backdoors into model behavior - Bias model outputs maliciously - Embed harmful content that appears in responses - Compromise model accuracy and reliability - Create security vulnerabilities in model behavior This rule detects: - User-provided data used directly in fine-tuning - External data sources used without validation - Remediation: Validate training data against schemas and use content moderation before fine-tuning. ```javascript if (!validate(trainingData)) { return res.status(400).json({ error: 'Invalid format' }); } await openai.files.create({ file: trainingData, purpose: 'fine-tune' }); ``` Learn more: https://shoulder.dev/learn/javascript/cwe-502/llm-training-data-poisoning - **Unsafe Deserialization** [CRITICAL]: Detects user input flowing to unsafe deserialization functions like node-serialize or yaml.load(). - Remediation: Use JSON.parse() instead of node-serialize, or use yaml.SAFE_SCHEMA for YAML parsing. ```javascript const data = JSON.parse(userInput); // Or for YAML: const config = yaml.load(input, { schema: yaml.SAFE_SCHEMA }); ``` Learn more: https://shoulder.dev/learn/javascript/cwe-502/unsafe-deserialization