Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality from a source that is outside of the intended control sphere.
When software includes functionality from untrusted sources (such as third-party scripts, external modules, or code from untrusted URLs), attackers can inject malicious code that will be executed with the same privileges as the application.
Como corrigir esta vulnerabilidade
Estratégias de prevenção para Inclusion of Untrusted Functionality baseadas em 4 regras de detecção do Shoulder.
Use an allowlist for permitted models, verify integrity with checksums, and load models over HTTPS only
- func handler(w http.ResponseWriter, r *http.Request) { - modelPath := r.FormValue("model") - model, _ := loadModel(modelPath) - resp, _ := http.Get("http://example.com/model.onnx") + var allowedModels = map[string]string{ + "sentiment": "https://models.example.com/sentiment-v2.onnx", + "classify": "https://models.example.com/classify-v1.onnx", + } + + func handler(w http.ResponseWriter, r *http.Request) { + modelID := r.FormValue("model") + url, ok := allowedModels[modelID] + if !ok { + http.Error(w, "invalid model", http.StatusBadRequest) + return + } + data, _ := downloadModel(url) + if !verifyChecksum(data, expectedChecksums[modelID]) { + return fmt.Errorf("checksum verification failed") + } + model, _ := loadModel(data) }
Use allowlists for permitted models and verify integrity with checksums
- app.post('/predict', async (req, res) => { - const model = await loadModel(req.body.modelId); + const ALLOWED_MODELS = { 'sentiment-v1': true, 'classify-v2': true }; + + app.post('/predict', async (req, res) => { + if (!ALLOWED_MODELS[req.body.modelId]) { + return res.status(400).json({ error: 'Model not allowed' }); + } + const model = await loadVerifiedModel(req.body.modelId); const result = await model.predict(req.body.input); });
Pin container images to specific version tags or SHA digests for reproducible deployments
apiVersion: v1 kind: Pod spec: containers: - name: app - image: nginx:latest + image: nginx:1.25.3-alpine
Use weights_only=True with torch.load, avoid trust_remote_code=True, and maintain a model allowlist
import torch from transformers import AutoModel - - model = torch.load('model.pt') - nlp_model = AutoModel.from_pretrained('custom/model', trust_remote_code=True) + from safetensors.torch import load_model + + # Safe: weights_only prevents arbitrary code execution + model = torch.load('model.pt', weights_only=True) + + # Even safer: use SafeTensors format + load_model(model, 'model.safetensors') + + # Allowlist for HuggingFace models + ALLOWED_MODELS = ['bert-base-uncased', 'distilbert-base-uncased'] + model_id = request.json['model'] + if model_id not in ALLOWED_MODELS: + raise ValueError('Model not in allowlist') + nlp_model = AutoModel.from_pretrained(model_id)
Encontre vulnerabilidades no seu código
Use o Shoulder para escanear seu código em busca de padrões Inclusion of Functionality from Untrusted Control Sphere. 4 regras.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=829 # Or scan entire project npx @shoulderdev/cli trust .
Regras de Detecção (4)
O que observar nas revisões de código
Estes padrões indicam vulnerabilidades potenciais de Inclusion of Functionality from Untrusted Control Sphere. Procure-os durante revisões de código e auditorias de segurança.
Escaneie seu código para Inclusion of Functionality from Untrusted Control Sphere
O Shoulder CLI encontra padrões vulneráveis em todo o seu código.