Inclusion of Functionality from Untrusted Control Sphere (CWE-829)

Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality from a source that is outside of the intended control sphere.

When software includes functionality from untrusted sources (such as third-party scripts, external modules, or code from untrusted URLs), attackers can inject malicious code that will be executed with the same privileges as the application.

보급률

높음

자주 악용됨

영향

높음

3개의 높은 심각도 규칙

예방

문서화됨

4개의 수정 예시

2 예방

이 취약점을 수정하는 방법

4개의 Shoulder 탐지 규칙을 기반으로 한 Inclusion of Untrusted Functionality 예방 전략.

🐹 Go 모두 보기 Go 자세히 →

LLM Supply Chain Vulnerabilities HIGH

Use an allowlist for permitted models, verify integrity with checksums, and load models over HTTPS only

+17 -4 go

- func handler(w http.ResponseWriter, r *http.Request) {
-     modelPath := r.FormValue("model")
-     model, _ := loadModel(modelPath)
-     resp, _ := http.Get("http://example.com/model.onnx")
+ var allowedModels = map[string]string{
+     "sentiment": "https://models.example.com/sentiment-v2.onnx",
+     "classify":  "https://models.example.com/classify-v1.onnx",
+ }
+ 
+ func handler(w http.ResponseWriter, r *http.Request) {
+     modelID := r.FormValue("model")
+     url, ok := allowedModels[modelID]
+     if !ok {
+         http.Error(w, "invalid model", http.StatusBadRequest)
+         return
+     }
+     data, _ := downloadModel(url)
+     if !verifyChecksum(data, expectedChecksums[modelID]) {
+         return fmt.Errorf("checksum verification failed")
+     }
+     model, _ := loadModel(data)
  }

🟨 JavaScript 모두 보기 JavaScript 자세히 →

LLM Supply Chain Vulnerabilities HIGH

Use allowlists for permitted models and verify integrity with checksums

+7 -2 javascript

- app.post('/predict', async (req, res) => {
-   const model = await loadModel(req.body.modelId);
+ const ALLOWED_MODELS = { 'sentiment-v1': true, 'classify-v2': true };
+ 
+ app.post('/predict', async (req, res) => {
+   if (!ALLOWED_MODELS[req.body.modelId]) {
+     return res.status(400).json({ error: 'Model not allowed' });
+   }
+   const model = await loadVerifiedModel(req.body.modelId);
    const result = await model.predict(req.body.input);
  });

☸️ Kubernetes 모두 보기 Kubernetes 자세히 →

Container Using Latest Tag MEDIUM

Pin container images to specific version tags or SHA digests for reproducible deployments

+1 -1 yaml

  apiVersion: v1
  kind: Pod
  spec:
    containers:
    - name: app
-     image: nginx:latest
+     image: nginx:1.25.3-alpine

🐍 Python 모두 보기 Python 자세히 →

LLM Supply Chain Vulnerabilities HIGH

Use weights_only=True with torch.load, avoid trust_remote_code=True, and maintain a model allowlist

+14 -3 python

  import torch
  from transformers import AutoModel
- 
- model = torch.load('model.pt')
- nlp_model = AutoModel.from_pretrained('custom/model', trust_remote_code=True)
+ from safetensors.torch import load_model
+ 
+ # Safe: weights_only prevents arbitrary code execution
+ model = torch.load('model.pt', weights_only=True)
+ 
+ # Even safer: use SafeTensors format
+ load_model(model, 'model.safetensors')
+ 
+ # Allowlist for HuggingFace models
+ ALLOWED_MODELS = ['bert-base-uncased', 'distilbert-base-uncased']
+ model_id = request.json['model']
+ if model_id not in ALLOWED_MODELS:
+     raise ValueError('Model not in allowlist')
+ nlp_model = AutoModel.from_pretrained(model_id)

3 탐지

코드에서 취약점 찾기

Shoulder를 사용하여 코드에서 Inclusion of Functionality from Untrusted Control Sphere 패턴을 스캔하세요. 4 규칙.

터미널

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=829

# Or scan entire project
npx @shoulderdev/cli trust .

탐지 규칙 (4)

🐹 Go 1 rules

LLM Supply Chain Vulnerabilities HIGH

Detects supply chain vulnerabilities in AI/LLM implementations such as untrusted model sources or dynamic model loading.

🟨 Javascript 1 rules

LLM Supply Chain Vulnerabilities HIGH

Detects potential supply chain vulnerabilities in AI/LLM implementations. OWASP LLM05 - Supply Chain Vulnerabilities. Supply chain attacks in AI can occur through: - Loading models from untrusted sources - Using unverified model weights or configurations - Third-party plugins/tools without integrity verification - Compromised training data sources - Insecure model serialization formats This rule detects: - Dynamic model loading from user input - Models loaded from HTTP (not HTTPS) - Missing in

🔷 Typescript 1 rules

LLM Supply Chain Vulnerabilities HIGH

📄 Yaml 1 rules

Container Using Latest Tag MEDIUM

Detects container images using 'latest' tag or no tag.

🐍 Python 1 rules

LLM Supply Chain Vulnerabilities HIGH

Detects potential supply chain vulnerabilities in AI/LLM implementations. OWASP LLM05 - Supply Chain Vulnerabilities. Supply chain attacks in AI can occur through: - Loading models from untrusted sources - Using pickle for model serialization (RCE risk) - trust_remote_code=True in HuggingFace - Compromised training data sources - Third-party plugins without verification

4 경고 신호

코드 리뷰에서 주의할 점

이 패턴은 잠재적인 Inclusion of Functionality from Untrusted Control Sphere 취약점을 나타냅니다. 코드 리뷰와 보안 감사 중에 찾아보세요.

🟠

Potential supply chain vulnerability: ... go-llm-supply-chain

🟠

supply chain vulnerabilities in AI/LLM implementations such as untrusted model sources or dynamic mo go-llm-supply-chain

🟠

potential supply chain vulnerabilities in AI/LLM implementations javascript-llm-supply-chain

🟡

Container image uses 'latest' tag or no tag. kubernetes-image-latest-tag

🟡

container images using 'latest' tag or no tag kubernetes-image-latest-tag

🔍

코드베이스를 스캔하세요: Inclusion of Functionality from Untrusted Control Sphere

Shoulder CLI는 전체 코드베이스에서 취약한 패턴을 찾아냅니다.

npx shoulder trust 모든 규칙 보기