BF Data Validation (DVL) Bugs Class

Definition

Data Validation (DVL) class – Data are validated (i.e., syntax check) or sanitized (i.e., escape, filter, or repair) improperly.

Taxonomy

OperationsDefinition
ValidateValidate operation – Check data syntax (e.g., proper form or grammar, including missing symbols or elements) in order to accept (and possibly sanitize) or reject it.
SanitizeSanitize operation – Modify data (e.g., neutralize/escape, filter/remove, repair/add symbols) to make it valid (well-formed).
OperandsDefinition
DataData operand – The data value of an object – i.e., the actual value that is stored in memory.
CausesDefinition
Code BugCode Bug type – An error in the implementation of an operation – proper operands over an improper operation. A first cause for the chain of weaknesses underlying a software security vulnerability. Must be fixed to resolve the vulnerability.
   Missing CodeMissing Code bug - The operation is entirely absent.
   Erroneous CodeErroneous Code bug - There is a coding error in the implementation of the operation.
Specification BugSpecification Bug type – A defect in the metadata or algorithm of an operation – proper operands over an improper operation. It is always the first cause for the chain of weaknesses underlying a software security vulnerability. It must be fixed to resolve the vulnerability.
   Under-Restrictive PolicyAccepts bad data.
   Over-Restrictive PolicyRejects good data.
Data FaultData Fault/Error type – The data of an object has harmed semantics or inconsistent or wrong value.
   Corrupted DataCorrupted Data fault/error – The data is modified unintentionally due to a previous weakness (e.g., with a decompress or a decrypt operation); would lead to invalid data for next weakness.
   Tampered DataTampered Data fault/error – Maliciously modified data due to a previous weakness (e.g., with a deserialize, authorize, or crypto verify operation); would lead to injection.
   Corrupted Policy DataCorrupted Policy Data fault/error – Policy data is modified unintentionally (the values the policy checks for) due to a previous weakness.
   Tampered Policy DataTampered Policy Data fault/error – Maliciously modified policy data (the values the policy checks for) due to a previous weakness.
ConsequencesDefinition
Data ErrorData Fault/Error type – The data of an object has harmed semantics or inconsistent or wrong value.
   Invalid DataInvalid Data fault/error – The data has harmed syntax due to sanitization errors.
Injection Final ErrorInjection final error type – An exploitable or undefined system behavior caused by validation or sanitization bugs.
   Query InjectionQuery Injection final error – Maliciously inserted condition parts (e.g., or 1==1) or entire commands (e.g., drop table) into an input used to construct a query.
   Command InjectionCommand Injection final error – Maliciously inserted new commands into the input to a command sent to an OS or a server.
   Source Code InjectionSource Code Injection final error – Maliciously inserted new code (incl. with <> elements) into an input used as a part of an executing application code.
   Parameter InjectionParameter Injection final error – Maliciously inserted data (e.g., with & parameter separator) into an input used as a parameter/argument in other parts of the code.
   File InjectionFile Injection final error – Maliciously inserted data (e.g., with .. and / or with file entries) into an input used to access/modify files or as a file content.
Operations AttributesDefinition
MechanismMechanism operation attribute type – Shows how the operation the operation with a bug or faulty operand is performed.
   SafelistSafelist operation attribute – The operation is via a policy based on a set of known good content.
   DenylistDenylist operation attribute – The operation is via a policy based on a set of known bad content; helps reject outright maliciously malformed data.
   FormatFormat operation attribute – The operation is via a policy based on syntax format (e.g., defined via regular expression).
   LengthLength operation attribute – The operation uses a policy based on allowed number of characters in data. Note that this is not about the data value as size of an object.
Source CodeSource Code operation attribute type – Shows where the code of the operation with a bug or faulty operand resides within the software, firmware, or hardware.
   CodebaseCodebase operation attribute – The operation is in the programmer's code - in the application itself.
   Third-PartyThird-Party operation attribute – The operation code is in a third-party source.
   Standard LibraryStandard Library operation attribute – The operation code is in the standard library for a particular programming language.
   Compiler/InterpreterCompiler/Interpreter operation attribute – The operation code is in the language processor that allows execution or creates executables (interpreter, compiler, assembler).
Execution SpaceExecution Space operation attribute type – Shows where the operation with a bug or faulty operand is executed and the privilege level at which it runs.
   LocalLocal operation attribute – The bugged code runs in an environment with access control policy with limited (local user) permission.
   AdminAdmin operation attribute – The bugged code runs in an environment with access control policy with unlimited (admin user) permission.
   Bare-MetalBare-Metal operation attribute – The bugged code runs in an environment without privilege control. Usually, the program is the only software running and has total access to the hardware.
Operands AttributesDefinition
         Data StateData State operand attribute type – Shows where the data comes from.
            EnteredEntered operand attribute – Data are from a user via a user interface (e.g., input field of a dialog or a command prompt).
            StoredStored operand attribute – Data are from a permanent storage (e.g., file, database on a storage device); they are at rest.
            In UseIn Use operand attribute – Data are from a volatile storage (e.g., RAM, cache memory).
            TransferredTransferred operand attribute – Data are from another device via a network (e.g., connecting analog device or another computer).