Defectos de seguridad
Estos defectos identifican ubicaciones en el código que son susceptibles a ataques de seguridad o intrusiones maliciosas. Muchos de estos defectos no provocan errores en tiempo de ejecución, sino que señalan áreas de riesgo en el código. Entre estos defectos se incluyen:
Gestión de datos sensibles
Uso de funciones peligrosas u obsoletas
Generación de números aleatorios
Rutas y comandos controlados externamente
Resultados de Polyspace
File access between time of check and use (TOCTOU) | File or folder might change state due to access race |
File descriptor exposure to child process | Copied file descriptor used in multiple processes |
File manipulation after chroot without chdir | Path-related vulnerabilities for file manipulated after
call to chroot |
Inappropriate I/O operation on device files | Operation can result in security vulnerabilities or a system failure |
Unsafe call to a system function | Unsanitized command argument has exploitable vulnerabilities |
Use of non-secure temporary file | Temporary generated file name not secure |
Vulnerable path manipulation | Path argument with /../, /abs/path/,
or other unsecure elements |
Bad order of dropping privileges | Dropped higher elevated privileges before dropping lower elevated privileges |
Privilege drop not verified | Attacker can gain unintended elevated access to program |
Umask used with chmod-style arguments | Argument to umask allows external user
too much control |
Vulnerable permission assignments | Argument gives read/write/search permissions to external users |
Unsafe standard encryption function | Function is not reentrant or uses a risky encryption algorithm |
Unsafe standard function | Function unsafe for security-related purposes |
Use of dangerous standard function | Dangerous functions cause possible buffer overflow in destination buffer |
Use of obsolete standard function | Obsolete routines can cause security vulnerabilities and portability issues |
LDAP injection | Data read from an untrusted source is used in the construction of an LDAP query (Desde R2023a) |
SQL injection | Data read from an untrusted source is used in the construction of an SQL query (Desde R2023a) |
Deterministic random output from constant seed | Seeding routine uses a constant seed making the output deterministic |
Predictable random output from predictable seed | Seeding routine uses a predictable seed making the output predictable |
Vulnerable pseudo-random number generator | Using a cryptographically weak pseudo-random number generator |
Critical data
member is not private | A critical data member is declared public (Desde R2022a) |
Errno not checked | errno is not checked for error conditions
following function call |
Execution of a binary from a relative path can
be controlled by an external actor | Command with relative path is vulnerable to malicious attack |
Function pointer assigned with absolute
address | Constant expression is used as function address is vulnerable to code injection |
Hard-coded
sensitive data | Sensitive data is exposed in code, for instance as string literals |
Incorrect order of network connection
operations | Socket is not correctly established due to bad order of connection steps or missing steps |
Information leak
via structure padding | Padding bytes can contain sensitive information |
Load of library from a relative path can be
controlled by an external actor | Library loaded with relative path is vulnerable to malicious attacks |
Mismatch between data length and
size | Data size argument is not computed from actual data length |
Missing case for switch
condition | switch variable not covered by cases and default case is
missing |
Misuse of readlink() | Third argument of readlink does not
leave space for null terminator in buffer |
Plain text
password stored in file system | Password stored in files in plain text format (Desde R2023b) |
Resource
injection | Data input is not properly restricted before being used as a resource identifier (Desde R2024a) |
Returned value of a sensitive function not
checked | Sensitive functions called without checking for unexpected return values and errors |
Sensitive data printed out | Function prints sensitive data |
Sensitive heap memory not cleared before
release | Sensitive data not cleared or released by memory routine |
Uncertain memory
cleaning | The code clears information that might be sensitive from memory but compiler optimization might leave the information untouched (Desde R2022a) |
Uncleared sensitive data in
stack | Variable in stack is not cleared and contains sensitive data |
Temas
- Bug Finder Defect Groups
The Bug Finder defect checkers are classified into groups such as data flow, concurrency, numerical, and so on.
MATLAB Command
You clicked a link that corresponds to this MATLAB command:
Run the command by entering it in the MATLAB Command Window. Web browsers do not support MATLAB commands.
Seleccione un país/idioma
Seleccione un país/idioma para obtener contenido traducido, si está disponible, y ver eventos y ofertas de productos y servicios locales. Según su ubicación geográfica, recomendamos que seleccione: .
También puede seleccionar uno de estos países/idiomas:
Cómo obtener el mejor rendimiento
Seleccione China (en idioma chino o inglés) para obtener el mejor rendimiento. Los sitios web de otros países no están optimizados para ser accedidos desde su ubicación geográfica.
América
- América Latina (Español)
- Canada (English)
- United States (English)
Europa
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)