Deserialization of Untrusted Data (CWE-502)

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Many programming languages allow the serialization of objects for storage or transmission. When untrusted data is deserialized, it can lead to code execution, denial of service, or other unintended consequences.

普遍性

中

覆盖 3 种语言

影响

关键

3 条严重级别为关键的规则

预防

已记录

7 个修复示例

2 预防

如何修复此漏洞

基于 7 条 Shoulder 检测规则的 Deserialization of Untrusted Data 预防策略。

🐹 Go 查看全部 Go 详情 →

Insecure Deserialization HIGH

Use strict typed structs instead of interface{} and avoid gob with untrusted data

+16 -10 go

  package main
  
  import (
-     "encoding/gob"
-     "net/http"
- )
- 
- func handler(w http.ResponseWriter, r *http.Request) {
-     // Vulnerable: gob decoding untrusted HTTP body
-     dec := gob.NewDecoder(r.Body)
-     var data interface{}
-     if err := dec.Decode(&data); err != nil {
-         http.Error(w, err.Error(), 400)
+     "encoding/json"
+     "net/http"
+ )
+ 
+ type UserRequest struct {
+     Name  string `json:"name"`
+     Email string `json:"email"`
+ }
+ 
+ func handler(w http.ResponseWriter, r *http.Request) {
+     // Safe: typed struct with JSON (data-only, no code execution)
+     var req UserRequest
+     dec := json.NewDecoder(r.Body)
+     dec.DisallowUnknownFields()
+     if err := dec.Decode(&req); err != nil {
+         http.Error(w, "Invalid request", 400)
          return
      }
  }

LLM Training Data Poisoning HIGH

Validate all training data against strict schemas and apply content moderation before ingestion

+12 -0 go

  func indexHandler(w http.ResponseWriter, r *http.Request) {
      var docs []Document
      json.NewDecoder(r.Body).Decode(&docs)
+ 
+     validate := validator.New()
+     for _, doc := range docs {
+         if err := validate.Struct(doc); err != nil {
+             http.Error(w, "validation failed", http.StatusBadRequest)
+             return
+         }
+         if flagged, _ := moderationCheck(doc.Content); flagged {
+             http.Error(w, "content policy violation", http.StatusBadRequest)
+             return
+         }
+     }
      vectorDB.Upsert(docs)
  }

🟨 JavaScript 查看全部 JavaScript 详情 →

LLM Training Data Poisoning HIGH

Validate training data against schemas and use content moderation before fine-tuning

+4 -2 javascript

  app.post('/finetune', async (req, res) => {
-   await openai.files.create({
-     file: req.body.trainingData,
+   const validated = trainingSchema.parse(req.body.trainingData);
+   const moderated = await moderateContent(validated);
+   await openai.files.create({
+     file: moderated,
      purpose: 'fine-tune'
    });
  });

Unsafe Deserialization CRITICAL

Use JSON.parse() instead of node-serialize, and yaml.SAFE_SCHEMA for YAML parsing

+10 -8 javascript

  const express = require('express');
- const serialize = require('node-serialize');
- const app = express();
- 
- app.post('/restore', (req, res) => {
-   const sessionData = req.body.session;
-   const session = serialize.deserialize(sessionData);
-   req.session = session;
-   res.json({ restored: true });
+ const app = express();
+ 
+ app.post('/restore', (req, res) => {
+   try {
+     const session = JSON.parse(req.body.session);
+     req.session = session;
+     res.json({ restored: true });
+   } catch (e) {
+     res.status(400).json({ error: 'Invalid session data' });
+   }
  });

🐍 Python 查看全部 Python 详情 →

LLM Training Data Poisoning HIGH

Validate training data with Pydantic schemas and apply content moderation before ingestion

+21 -4 python

- @app.route('/finetune', methods=['POST'])
- def finetune():
-     training_data = request.json['data']
-     client.files.create(file=training_data, purpose='fine-tune')
+ from pydantic import BaseModel, validator
+ 
+ class TrainingExample(BaseModel):
+     prompt: str
+     completion: str
+ 
+     @validator('prompt', 'completion')
+     def validate_length(cls, v):
+         if len(v) > 4000:
+             raise ValueError('Content too long')
+         return v
+ 
+ @app.route('/finetune', methods=['POST'])
+ async def finetune():
+     examples = [TrainingExample(**ex) for ex in request.json['data']]
+     moderation = await openai.moderations.create(
+         input=[ex.completion for ex in examples]
+     )
+     if any(r.flagged for r in moderation.results):
+         return {'error': 'Content policy violation'}, 400
+     client.files.create(file=json.dumps([ex.dict() for ex in examples]), purpose='fine-tune')
      return {'status': 'queued'}

Unsafe Deserialization CRITICAL

Replace pickle/marshal with JSON or other safe serialization formats

+7 -7 python

- import pickle
- from flask import request
- 
- @app.route('/load', methods=['POST'])
- def load():
-     data = request.get_data()
-     obj = pickle.loads(data)
+ import json
+ from flask import request
+ 
+ @app.route('/load', methods=['POST'])
+ def load():
+     data = request.get_data()
+     obj = json.loads(data)
      return str(obj)

Unsafe YAML Deserialization CRITICAL

Use yaml.safe_load() instead of yaml.load() to prevent code execution

+1 -1 python

  import yaml
  
  def parse_config(yaml_string):
-     config = yaml.load(yaml_string)
+     config = yaml.safe_load(yaml_string)
      return config

3 检测

查找代码中的漏洞

使用Shoulder扫描代码中的Deserialization of Untrusted Data模式。 7 规则.

终端

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=502

# Or scan entire project
npx @shoulderdev/cli trust .

检测规则 (7)

🐍 Python 3 rules

LLM Training Data Poisoning HIGH

Detects untrusted or unvalidated data flowing into AI/LLM fine-tuning or training processes. OWASP LLM03 - Training Data Poisoning. Training data poisoning can: - Introduce backdoors into model behavior - Bias model outputs maliciously - Embed harmful content that appears in responses - Compromise model accuracy and reliability - Create security vulnerabilities in model behavior

Unsafe Deserialization CRITICAL

Detects untrusted user input being deserialized using unsafe methods like pickle.loads() or yaml.load().

Unsafe YAML Deserialization CRITICAL

Detects unsafe YAML deserialization using yaml.load() without SafeLoader.

🐹 Go 2 rules

Insecure Deserialization HIGH

Detects truly dangerous deserialization in Go. Unlike Java or Python, Go's encoding/json is safe (data-only parsing, no code execution). This rule focuses on: - gob.Decoder: Can instantiate arbitrary types, potential RCE (CRITICAL) - json/yaml/xml to interface{}: Type confusion risk when combined with untrusted input (MEDIUM) Note: json.Unmarshal to typed structs is NOT flagged as it cannot execute code.

LLM Training Data Poisoning HIGH

Detects untrusted data flowing into AI/LLM fine-tuning or training processes without validation.

🟨 Javascript 2 rules

LLM Training Data Poisoning HIGH

Unsafe Deserialization CRITICAL

Detects user input flowing to unsafe deserialization functions like node-serialize or yaml.load().

🔷 Typescript 2 rules

LLM Training Data Poisoning HIGH

Unsafe Deserialization CRITICAL

Detects user input flowing to unsafe deserialization functions like node-serialize or yaml.load().

4 警告信号

代码审查中需要关注的内容

这些模式表明潜在的Deserialization of Untrusted Data漏洞。在代码审查和安全审计中注意查找。

🟠

Untrusted data is deserialized without validation go-insecure-deserialization

🟠

truly dangerous deserialization in Go go-insecure-deserialization

🟠

Untrusted data flows to ... without validation go-llm-training-data-poisoning

🟠

untrusted data flowing into AI/LLM fine-tuning or training processes without validation go-llm-training-data-poisoning

🟠

untrusted or unvalidated data flowing into AI/LLM fine-tuning or training processes javascript-llm-training-data-poisoning

🔴

user input flowing to unsafe deserialization functions like node-serialize or yaml javascript-unsafe-deserialization

🔴

untrusted user input being deserialized using unsafe methods like pickle python-unsafe-deserialization

🔴

unsafe YAML deserialization using yaml python-yaml-deserialization

🔍

扫描你的代码库: Deserialization of Untrusted Data

Shoulder CLI 在整个代码库中找到易受攻击的模式。

npx shoulder trust 浏览所有规则