Business Logic Errors (CWE-840) - Security Vulnerability

Business Logic Errors

The product does not properly implement the business logic rules, which may allow users to manipulate the system in unintended ways.

Business logic errors occur when the application's implementation doesn't correctly enforce the intended business rules. Unlike technical vulnerabilities, these are flaws in the application's design or logic.

普遍性

中

覆盖 3 种语言

影响

高

3 条严重级别为高的规则

预防

已记录

3 个修复示例

2 预防

如何修复此漏洞

基于 3 条 Shoulder 检测规则的 Business Logic Errors 预防策略。

🐹 Go 查看全部 Go 详情 →

Business Logic Bypass HIGH

Calculate financial values server-side from trusted data sources instead of accepting client-submitted totals

+14 -1 go

  package main
  
  import (
      "net/http"
      "strconv"
  )
  
  func checkoutHandler(w http.ResponseWriter, r *http.Request) {
-     total, _ := strconv.ParseFloat(r.FormValue("total"), 64)
+     productID := r.FormValue("product_id")
+     qty, err := strconv.Atoi(r.FormValue("quantity"))
+     if err != nil || qty <= 0 {
+         http.Error(w, "Invalid quantity", http.StatusBadRequest)
+         return
+     }
+ 
+     var product Product
+     if err := db.First(&product, productID).Error; err != nil {
+         http.Error(w, "Product not found", http.StatusNotFound)
+         return
+     }
+ 
+     total := product.Price * float64(qty)
      processPayment(total)
      w.Write([]byte("Payment processed"))
  }

🟨 JavaScript 查看全部 JavaScript 详情 →

Business Logic Bypass HIGH

Calculate totals and prices server-side using database values instead of client-submitted data

+2 -1 javascript

  app.post('/checkout', async (req, res) => {
-   const { total } = req.body;
+   const product = await Product.findById(req.body.productId);
+   const total = product.price * req.body.quantity;
    await stripe.charges.create({ amount: total, currency: 'usd' });
  });

🐍 Python 查看全部 Python 详情 →

Business Logic Bypass HIGH

Calculate totals server-side using database prices instead of client-submitted values

+5 -3 python

  from flask import request
  
  @app.route('/checkout', methods=['POST'])
  def checkout():
-     price = float(request.form['price'])
-     quantity = int(request.form['quantity'])
-     stripe.Charge.create(amount=int(price * quantity * 100))
+     item_id = int(request.form['item_id'])
+     quantity = int(request.form['quantity'])
+     product = Product.query.get(item_id)
+     total = product.price * quantity
+     stripe.Charge.create(amount=int(total * 100))

3 检测

查找代码中的漏洞

使用Shoulder扫描代码中的Business Logic Errors模式。 3 规则.

终端

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=840

# Or scan entire project
npx @shoulderdev/cli trust .

检测规则 (3)

🐹 Go 1 rules

Business Logic Bypass HIGH

Client-controlled financial values flow to payment operations without server-side calculation.

🟨 Javascript 1 rules

Business Logic Bypass HIGH

Detects client-controlled prices or amounts flowing to payment operations without server-side validation.

🔷 Typescript 1 rules

Business Logic Bypass HIGH

Detects client-controlled prices or amounts flowing to payment operations without server-side validation.

🐍 Python 1 rules

Business Logic Bypass HIGH

Detects client-controlled business-critical values (price, quantity, discount) flowing to payment or business operations without server-side validation.

4 警告信号

代码审查中需要关注的内容

这些模式表明潜在的Business Logic Errors漏洞。在代码审查和安全审计中注意查找。

🟠

client-controlled prices or amounts flowing to payment operations without server-side validation javascript-business-logic-bypass

🟠

client-controlled business-critical values (price, quantity, discount) flowing to payment or busines python-business-logic-bypass

🔍

扫描你的代码库: Business Logic Errors

Shoulder CLI 在整个代码库中找到易受攻击的模式。

npx shoulder trust 浏览所有规则