
Java Secure Coding - Input Validation and Data Sanitization Rules - Introduction

IRCAR201309186
Date: 21/09/2013
In previous articles we briefly discussed the most important topics in Java secure coding. From now on we will describe each topic precisely through its related rules.
The first topic in secure coding is input validation and data sanitization. This topic has 14 rules, four of which are Level 1 (marked L1).
Each rule and recommendation has an assigned priority. Priorities are assigned using a metric based on Failure Mode, Effects, and Criticality Analysis (FMECA) [IEC 60812]. Three values are assigned to each rule on a scale of 1 to 3: severity, likelihood, and remediation cost.
Severity

How serious are the consequences of the rule being ignored?

Likelihood

How likely is it that a flaw introduced by ignoring the rule can lead to an exploitable vulnerability?

Remediation Cost

How expensive is it to comply with the rule?

The three values are then multiplied together for each rule. This product provides a measure that can be used in prioritizing the application of the rules. The products range from 1 to 27, although only the following 10 distinct values are possible: 1, 2, 3, 4, 6, 8, 9, 12, 18, and 27. Rules and recommendations with a priority in the range of 1 to 4 are Level 3 rules, 6 to 9 are Level 2, and 12 to 27 are Level 1.
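The priority scheme above, worked through as an added example (not code from the original article; the function names are my own): it computes the product of the three ratings, maps it to a level, and enumerates every reachable product, which confirms the ten distinct values stated in the text and shows that a rule rated 1 for severity can never reach Level 1.

```python
"""FMECA-style priority and level calculation for secure coding rules.

Added example, not part of the original article; function and constant
names are assumptions of this example.
"""
from itertools import product

SCALE = (1, 2, 3)  # severity, likelihood and remediation cost are each rated 1..3


def priority(severity: int, likelihood: int, remediation_cost: int) -> int:
    """Return the priority: the product of the three ratings (1..27)."""
    for name, value in (("severity", severity), ("likelihood", likelihood),
                        ("remediation_cost", remediation_cost)):
        if value not in SCALE:
            raise ValueError(f"{name} must be 1, 2 or 3, got {value!r}")
    return severity * likelihood * remediation_cost


def level(priority_value: int) -> int:
    """Map a priority to its level: 1-4 -> L3, 6-9 -> L2, 12-27 -> L1."""
    if 1 <= priority_value <= 4:
        return 3
    if 6 <= priority_value <= 9:
        return 2
    if 12 <= priority_value <= 27:
        return 1
    # 5, 7, 10, 11, ... cannot be produced by three factors in 1..3
    raise ValueError(f"{priority_value} is not a reachable priority")


def possible_priorities() -> list[int]:
    """All distinct products reachable from three ratings in 1..3."""
    return sorted({priority(s, lk, c) for s, lk, c in product(SCALE, repeat=3)})


def level_of_rule(severity: int, likelihood: int, remediation_cost: int) -> str:
    """Label a rule the way the standard does, e.g. 'L1'."""
    return f"L{level(priority(severity, likelihood, remediation_cost))}"


if __name__ == "__main__":
    print(possible_priorities())   # [1, 2, 3, 4, 6, 8, 9, 12, 18, 27]
    print(level_of_rule(3, 3, 3))  # L1: all three ratings at their maximum
    # With severity rated 1, the largest reachable priority is 1*3*3 = 9 (L2).
    print(max(priority(1, lk, c) for lk in SCALE for c in SCALE))  # 9
```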
Rules:
IDS00-J. Sanitize untrusted data passed across a trust boundary
IDS01-J. Normalize strings before validating them
IDS02-J. Canonicalize path names before validating them
IDS03-J. Do not log unsanitized user input
IDS04-J. Safely extract files from ZipInputStream
IDS05-J. Use a subset of ASCII for file and path names
IDS06-J. Exclude unsanitized user input from format strings
IDS07-J. Do not pass untrusted, unsanitized data to the Runtime.exec() method
IDS08-J. Sanitize untrusted data passed to a regex
IDS09-J. Do not use locale-dependent methods on locale-dependent data without specifying the appropriate locale
IDS10-J. Do not split characters between two data structures
IDS11-J. Eliminate noncharacter code points before validation
IDS12-J. Perform lossless conversion of String data between differing character encodings
IDS13-J. Use compatible encodings on both sides of file or network IO

Risk Assessment Summary

We will discuss each rule in detail in the next articles.

Source:

https://www.securecoding.cert.org/confluence/display/java/IDS00-J.+Sanitize+untrusted+data+passed+across+a+trust+boundary


Creation date: 18 Mordad 1393