
Protection Mechanism Failure

🛡️ 8 rules detect this


The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

This weakness covers three distinct situations: Missing a protection mechanism, using a faulty protection mechanism, or incorrectly applying a protection mechanism. A missing protection mechanism occurs when the application does not defend against a specific attack. A faulty protection mechanism occurs when the application does defend against a specific attack, but the protection mechanism is not implemented correctly.

Prevalence
High
Frequently exploited
Impact
High
1 high-severity rule
Prevention
Documented
8 fix examples
2 Prevention

How to fix this vulnerability

Prevention strategies for Protection Mechanism Failure, based on 8 Shoulder detection rules.

Missing Healthcheck Configuration LOW

Add a HEALTHCHECK instruction to enable container health monitoring

+2 -0 dockerfile
  FROM node:24-alpine
  WORKDIR /app
  COPY . .
  EXPOSE 3000
+ HEALTHCHECK --interval=30s --timeout=10s --retries=3 \
+   CMD curl -f http://localhost:3000/health || exit 1
  CMD ["node", "server.js"]
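
Review bot: the added HEALTHCHECK runs curl, but the node:24-alpine base image does not ship curl, so the probe exits 127 on every run and Docker marks the container unhealthy regardless of the app's state. Either install it (`RUN apk add --no-cache curl`) or use the BusyBox wget Alpine already provides, e.g. `CMD wget -qO- http://localhost:3000/health || exit 1`. The /health route must also exist in server.js, and a `--start-period` matching the app's boot time avoids false negatives while it is still starting.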
  
Chi Missing Security Headers MEDIUM

Add security headers middleware to Chi router

+12 -2 go
  package main
  
  import (
      "net/http"
      "github.com/go-chi/chi/v5"
  )
  
- func main() {
-     r := chi.NewRouter()
+ func securityHeaders(next http.Handler) http.Handler {
+     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+         w.Header().Set("X-Frame-Options", "DENY")
+         w.Header().Set("X-Content-Type-Options", "nosniff")
+         w.Header().Set("X-XSS-Protection", "1; mode=block")
+         next.ServeHTTP(w, r)
+     })
+ }
+ 
+ func main() {
+     r := chi.NewRouter()
+     r.Use(securityHeaders)
      r.Get("/", homeHandler)
      http.ListenAndServe(":8080", r)
  }
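
Review bot: the header set in securityHeaders leaves out the two headers that do most of the work against the risks this rule targets, Content-Security-Policy and Strict-Transport-Security, while X-XSS-Protection is a legacy header that current browsers ignore. Consider adding `w.Header().Set("Content-Security-Policy", "default-src 'self'")` and, once the service is behind TLS, `w.Header().Set("Strict-Transport-Security", "max-age=63072000; includeSubDomains")`. Separately, the error from http.ListenAndServe is discarded; wrap it in log.Fatal so a failed bind is not silent.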
  
Echo Missing Security Headers MEDIUM

Add Echo Secure middleware to set security HTTP headers

+13 -4 go
  package main
  
- import "github.com/labstack/echo/v4"
- 
- func main() {
-     e := echo.New()
+ import (
+     "github.com/labstack/echo/v4"
+     "github.com/labstack/echo/v4/middleware"
+ )
+ 
+ func main() {
+     e := echo.New()
+     e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
+         XFrameOptions:         "DENY",
+         ContentTypeNosniff:    "nosniff",
+         XSSProtection:         "1; mode=block",
+         ContentSecurityPolicy: "default-src 'self'",
+     }))
      e.GET("/", homeHandler)
      e.Start(":8080")
  }
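
Review bot: `ContentSecurityPolicy: "default-src 'self'"` blocks inline scripts, inline styles and every third-party resource, so unless homeHandler serves only same-origin assets this change breaks the page; set `CSPReportOnly: true` first and inspect the reports before enforcing, or tailor the directives to the app's real asset sources. The config also sets no HSTSMaxAge, so Strict-Transport-Security is still not emitted; add it once the service is served over TLS. Finally the error from e.Start is discarded; the usual form is `e.Logger.Fatal(e.Start(":8080"))`.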
  
Fiber Missing Security Headers MEDIUM

Add Fiber Helmet middleware to set security HTTP headers

+8 -4 go
  package main
  
- import "github.com/gofiber/fiber/v2"
- 
- func main() {
-     app := fiber.New()
+ import (
+     "github.com/gofiber/fiber/v2"
+     "github.com/gofiber/fiber/v2/middleware/helmet"
+ )
+ 
+ func main() {
+     app := fiber.New()
+     app.Use(helmet.New())
      app.Get("/", homeHandler)
      app.Listen(":3000")
  }
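
Review bot: helmet.New() with no Config emits neither Content-Security-Policy nor Strict-Transport-Security, so two of the headers this rule is about are still missing; pass a helmet.Config with ContentSecurityPolicy and HSTSMaxAge set where the app needs them. The defaults also add Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy and Cross-Origin-Resource-Policy values that can block legitimate cross-origin asset loading, so test against the app's actual resources before shipping. As in the other Go examples, the error from app.Listen is ignored; use `log.Fatal(app.Listen(":3000"))`.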
  
Security Headers in Express.js HIGH

Add Helmet middleware to set security headers automatically

+4 -1 javascript
  const express = require('express');
- const app = express();
+ const helmet = require('helmet');
+ const app = express();
+ 
+ app.use(helmet());
  
  app.get('/', (req, res) => {
    res.send('<h1>Hello</h1>');
  });
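
Review bot: helmet()'s default Content-Security-Policy uses `script-src 'self'` without 'unsafe-inline', so any inline `<script>` or third-party script the app serves is blocked the moment this middleware is enabled; pass an explicit `contentSecurityPolicy` option to helmet() tuned to the app's sources rather than discovering the breakage in production. The new require also means `helmet` must be added to the package.json dependencies, and the middleware has to be registered before any routes (it is here) to cover every response.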
  
4 Warning Signs

What to look for in code reviews

These patterns indicate potential Protection Mechanism Failure vulnerabilities. Look for them during code reviews and security audits.

🟠 Application lacks security headers middleware (helmet, CSP, HSTS, X-Frame-Options, etc.). Without these headers, the app (javascript-express-security-headers)
🟠 Missing security headers middleware (Helmet) to prevent XSS, clickjacking, and MIME sniffing (javascript-express-security-headers)
🟡 Gin application missing security headers middleware (go-gin-missing-helmet)
🟡 Application lacks important security headers (go-missing-security-headers)
🔵 Dockerfile has no HEALTHCHECK instruction for container health monitoring (docker-missing-healthcheck)
🔵 Dockerfiles missing HEALTHCHECK instructions for container monitoring (docker-missing-healthcheck)

Scan your code for Protection Mechanism Failure

The Shoulder CLI finds vulnerable patterns across your entire codebase.