# Deserialization of Untrusted Data (CWE-502) The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. **Stack:** JavaScript - Prevalence: 中 覆盖 3 种语言 - Impact: 关键 3 条严重级别为关键的规则 - Prevention: 已记录 7 个修复示例 **OWASP:** Software and Data Integrity Failures (A08:2021-Software and Data Integrity Failures) - #8 ## Description Many programming languages allow the serialization of objects for storage or transmission. When untrusted data is deserialized, it can lead to code execution, denial of service, or other unintended consequences. ## Prevention 基于 2 条 Shoulder 检测规则的 Deserialization of Untrusted Data 预防策略。 ### JavaScript Validate training data against schemas and use content moderation before fine-tuning Use JSON.parse() instead of node-serialize, and yaml.SAFE_SCHEMA for YAML parsing ## Warning Signs - [HIGH] untrusted or unvalidated data flowing into AI/LLM fine-tuning or training processes - [CRITICAL] user input flowing to unsafe deserialization functions like node-serialize or yaml ## Consequences - 执行未授权代码 - 拒绝服务 (DoS):崩溃/退出/重启 - 修改应用程序数据 ## Mitigations - 尽可能避免对不可信数据进行反序列化 - 如果必须反序列化,使用 JSON 等更安全的格式 - 实施数字签名等完整性校验 - 在低权限环境中隔离反序列化操作 ## Detection - Total rules: 7 - Critical: 3 - Languages: go, javascript, typescript, python ## Rules by Language ### Javascript (2 rules) - **LLM Training Data Poisoning** [HIGH]: Detects untrusted or unvalidated data flowing into AI/LLM fine-tuning or training processes. OWASP LLM03 - Training Data Poisoning. Training data poisoning can: - Introduce backdoors into model behavior - Bias model outputs maliciously - Embed harmful content that appears in responses - Compromise model accuracy and reliability - Create security vulnerabilities in model behavior This rule detects: - User-provided data used directly in fine-tuning - External data sources used without validation - Remediation: Validate training data against schemas and use content moderation before fine-tuning. ```javascript if (!validate(trainingData)) { return res.status(400).json({ error: 'Invalid format' }); } await openai.files.create({ file: trainingData, purpose: 'fine-tune' }); ``` Learn more: https://shoulder.dev/learn/javascript/cwe-502/llm-training-data-poisoning - **Unsafe Deserialization** [CRITICAL]: Detects user input flowing to unsafe deserialization functions like node-serialize or yaml.load(). - Remediation: Use JSON.parse() instead of node-serialize, or use yaml.SAFE_SCHEMA for YAML parsing. ```javascript const data = JSON.parse(userInput); // Or for YAML: const config = yaml.load(input, { schema: yaml.SAFE_SCHEMA }); ``` Learn more: https://shoulder.dev/learn/javascript/cwe-502/unsafe-deserialization ### Typescript (2 rules) - **LLM Training Data Poisoning** [HIGH]: Detects untrusted or unvalidated data flowing into AI/LLM fine-tuning or training processes. OWASP LLM03 - Training Data Poisoning. Training data poisoning can: - Introduce backdoors into model behavior - Bias model outputs maliciously - Embed harmful content that appears in responses - Compromise model accuracy and reliability - Create security vulnerabilities in model behavior This rule detects: - User-provided data used directly in fine-tuning - External data sources used without validation - Remediation: Validate training data against schemas and use content moderation before fine-tuning. ```javascript if (!validate(trainingData)) { return res.status(400).json({ error: 'Invalid format' }); } await openai.files.create({ file: trainingData, purpose: 'fine-tune' }); ``` Learn more: https://shoulder.dev/learn/javascript/cwe-502/llm-training-data-poisoning - **Unsafe Deserialization** [CRITICAL]: Detects user input flowing to unsafe deserialization functions like node-serialize or yaml.load(). - Remediation: Use JSON.parse() instead of node-serialize, or use yaml.SAFE_SCHEMA for YAML parsing. ```javascript const data = JSON.parse(userInput); // Or for YAML: const config = yaml.load(input, { schema: yaml.SAFE_SCHEMA }); ``` Learn more: https://shoulder.dev/learn/javascript/cwe-502/unsafe-deserialization