CRITICAL
Rule Definition
Without well-established and maintained trust boundaries, programmers will inevitably lose track of which pieces of data have been validated and which have not. This confusion will eventually allow some data to be used without first being validated. In PHP the typical boundary is between request input (`$_GET`, `$_POST`, `$_COOKIE`) and server-side state such as `$_SESSION`: code that later reads `$_SESSION` assumes it holds trusted values, so writing an unvalidated request parameter into it silently moves untrusted data to the trusted side.
Remediation
Validate input data (preferably against an allow-list of acceptable values or formats) before storing it in `$_SESSION` or transmitting it to another component. Do the check in a dedicated function so that the sanitization point is explicit and taint analysis (for example Psalm, via `@psalm-taint-escape`) can recognize it.
Violation Code Sample
<?php
session_start();

// The request parameter is copied straight into the session without any check.
$usrname = $_GET["usrname"];
if (!isset($_SESSION["attr_user"])) {
    $_SESSION["attr_user"] = $usrname; // VIOLATION: unvalidated input crosses the trust boundary
}
Fixed Code Sample
<?php
session_start();

/**
 * @psalm-taint-escape session
 */
function my_escaping_function_for_session(string $input) : string {
    // Check that $input belongs to a white-list of acceptable data for $_SESSION:
    // here, 1 to 32 characters from [A-Za-z0-9_]. Anything else is rejected, never stored.
    if (preg_match('/^[A-Za-z0-9_]{1,32}$/', $input) !== 1) {
        throw new InvalidArgumentException('Invalid user name');
    }
    return $input;
}

$usrname = $_GET["usrname"] ?? '';
if (!isset($_SESSION["attr_user"])) {
    $usrname = my_escaping_function_for_session($usrname); // USE A FUNCTION ANNOTATED WITH @psalm-taint-escape session
    $_SESSION["attr_user"] = $usrname; // FIXED
}
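The same boundary applied to several session attributes at once, as an added example that is not part of the CAST rule page: every request value is converted to a typed, allow-listed value by one validation function before it is written to `$_SESSION`, so consumers of the session can rely on those invariants. The attribute names (`attr_user`, `attr_role`, `attr_page_size`), the validation rules and the helper function names are assumptions made for this example; the `session` taint type follows the annotation used in the fixed sample above.

```php
<?php
declare(strict_types=1);

/**
 * Validate one value crossing from the request (untrusted) into
 * $_SESSION (trusted). Each key has its own rule: a regex for free-form
 * identifiers, a closed allow-list for enumerations, a bounded integer
 * for numeric settings. Anything that fails is rejected, never stored.
 * Hypothetical helper written for this example, not part of the CAST rule.
 *
 * @psalm-taint-escape session
 */
function validate_session_attribute(string $key, string $raw): int|string
{
    switch ($key) {
        case 'attr_user':
            // user names: 1 to 32 characters from a fixed alphabet
            if (preg_match('/^[A-Za-z0-9_]{1,32}$/', $raw) !== 1) {
                throw new InvalidArgumentException('invalid user name');
            }
            return $raw;
        case 'attr_role':
            // roles: closed allow-list, strict comparison (no case folding, no trimming)
            if (!in_array($raw, ['viewer', 'editor'], true)) {
                throw new InvalidArgumentException('invalid role');
            }
            return $raw;
        case 'attr_page_size':
            // numeric setting: must parse as an integer within a bounded range;
            // the session receives an int, not the raw string
            $n = filter_var($raw, FILTER_VALIDATE_INT,
                ['options' => ['min_range' => 1, 'max_range' => 100]]);
            if ($n === false) {
                throw new InvalidArgumentException('invalid page size');
            }
            return $n;
        default:
            throw new InvalidArgumentException("unknown session attribute: $key");
    }
}

/**
 * Copy the allowed request parameters into the session. Only keys in the
 * fixed list are considered, each is validated first, and an attribute that
 * is already set is left untouched (as in the rule's sample).
 */
function populate_session(array $request): array
{
    session_start();
    foreach (['attr_user', 'attr_role', 'attr_page_size'] as $key) {
        if (isset($_SESSION[$key]) || !isset($request[$key]) || !is_string($request[$key])) {
            continue;
        }
        // the only value that reaches $_SESSION is the validated, typed return value
        $_SESSION[$key] = validate_session_attribute($key, $request[$key]);
    }
    return $_SESSION;
}

populate_session($_GET);
```

Code that later reads `$_SESSION['attr_role']` can now treat it as one of two known values and `$_SESSION['attr_page_size']` as an integer in range; that is what the trust boundary buys. It does not replace context-specific output encoding: a user name that is valid for the session still needs `htmlspecialchars()` before it is echoed into HTML, and parameterized queries before it reaches SQL.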
Reference
CWE-501: Trust Boundary Violation
https://cwe.mitre.org/data/definitions/501.html
Open Web Application Security Project (OWASP)
OWASP Top Ten 2017 - A3:2017-Sensitive Data Exposure
https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure
OWASP Top Ten 2021 Category A04:2021 - Insecure Design
https://owasp.org/Top10/A04_2021-Insecure_Design/
Related Technologies
Technical Criterion
Secure Coding - Input Validation
About CAST Appmarq
CAST Appmarq is by far the biggest repository of data about real IT systems. It's built on thousands of analyzed applications, made of 35 different technologies, by over 300 business organizations across major verticals. It provides IT Leaders with factual key analytics to let them know if their applications are on track.