Business Logic Errors (CWE-840) - Security Vulnerability

Business Logic Errors

The product does not properly implement the business logic rules, which may allow users to manipulate the system in unintended ways.

Business logic errors occur when the application's implementation doesn't correctly enforce the intended business rules. Unlike technical vulnerabilities, these are flaws in the application's design or logic.

보급률

보통

3개 언어 지원

영향

높음

3개의 높은 심각도 규칙

예방

문서화됨

3개의 수정 예시

2 예방

이 취약점을 수정하는 방법

3개의 Shoulder 탐지 규칙을 기반으로 한 Business Logic Errors 예방 전략.

🐹 Go 모두 보기 Go 자세히 →

Business Logic Bypass HIGH

Calculate financial values server-side from trusted data sources instead of accepting client-submitted totals

+14 -1 go

  package main
  
  import (
      "net/http"
      "strconv"
  )
  
  func checkoutHandler(w http.ResponseWriter, r *http.Request) {
-     total, _ := strconv.ParseFloat(r.FormValue("total"), 64)
+     productID := r.FormValue("product_id")
+     qty, err := strconv.Atoi(r.FormValue("quantity"))
+     if err != nil || qty <= 0 {
+         http.Error(w, "Invalid quantity", http.StatusBadRequest)
+         return
+     }
+ 
+     var product Product
+     if err := db.First(&product, productID).Error; err != nil {
+         http.Error(w, "Product not found", http.StatusNotFound)
+         return
+     }
+ 
+     total := product.Price * float64(qty)
      processPayment(total)
      w.Write([]byte("Payment processed"))
  }

🟨 JavaScript 모두 보기 JavaScript 자세히 →

Business Logic Bypass HIGH

Calculate totals and prices server-side using database values instead of client-submitted data

+2 -1 javascript

  app.post('/checkout', async (req, res) => {
-   const { total } = req.body;
+   const product = await Product.findById(req.body.productId);
+   const total = product.price * req.body.quantity;
    await stripe.charges.create({ amount: total, currency: 'usd' });
  });

🐍 Python 모두 보기 Python 자세히 →

Business Logic Bypass HIGH

Calculate totals server-side using database prices instead of client-submitted values

+5 -3 python

  from flask import request
  
  @app.route('/checkout', methods=['POST'])
  def checkout():
-     price = float(request.form['price'])
-     quantity = int(request.form['quantity'])
-     stripe.Charge.create(amount=int(price * quantity * 100))
+     item_id = int(request.form['item_id'])
+     quantity = int(request.form['quantity'])
+     product = Product.query.get(item_id)
+     total = product.price * quantity
+     stripe.Charge.create(amount=int(total * 100))

3 탐지

코드에서 취약점 찾기

Shoulder를 사용하여 코드에서 Business Logic Errors 패턴을 스캔하세요. 3 규칙.

터미널

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=840

# Or scan entire project
npx @shoulderdev/cli trust .

탐지 규칙 (3)

🐹 Go 1 rules

Business Logic Bypass HIGH

Client-controlled financial values flow to payment operations without server-side calculation.

🟨 Javascript 1 rules

Business Logic Bypass HIGH

Detects client-controlled prices or amounts flowing to payment operations without server-side validation.

🔷 Typescript 1 rules

Business Logic Bypass HIGH

Detects client-controlled prices or amounts flowing to payment operations without server-side validation.

🐍 Python 1 rules

Business Logic Bypass HIGH

Detects client-controlled business-critical values (price, quantity, discount) flowing to payment or business operations without server-side validation.

4 경고 신호

코드 리뷰에서 주의할 점

이 패턴은 잠재적인 Business Logic Errors 취약점을 나타냅니다. 코드 리뷰와 보안 감사 중에 찾아보세요.

🟠

client-controlled prices or amounts flowing to payment operations without server-side validation javascript-business-logic-bypass

🟠

client-controlled business-critical values (price, quantity, discount) flowing to payment or busines python-business-logic-bypass

🔍

코드베이스를 스캔하세요: Business Logic Errors

Shoulder CLI는 전체 코드베이스에서 취약한 패턴을 찾아냅니다.

npx shoulder trust 모든 규칙 보기