BF Data Validation (DVL) Bugs Class
Irena Bojanova, Inventor, Creator, PI, Bugs Framework (BF)

Definition

Data are validated (syntax check) or sanitized (escape, filter, repair) improperly.

Taxonomy

Operations | Definition
Validate | Check data syntax (proper form/grammar) in order to accept (and possibly sanitize) or reject it (incl. check for missing symbols/elements).
Sanitize | Modify data (neutralize/escape, filter/remove, repair/add symbols) to make it valid (well-formed).
Operands | Definition
Data | The data value of an object -- stored in object's memory.
Causes | Definition
Code Defect Bug | The operation has a bug, which is the first cause for the chain of weaknesses underlying a software security vulnerability. The bug must be fixed to resolve the vulnerability.
   Missing Code | The entire operation implementation or a part of its specification is absent.
   Erroneous Code | The operation implementation has a bug.
Specification Defect Bug | A specification (algorithm, protocol) of an operation, or a rule (policy, keying material) used by the operation, has an error, which when implemented becomes the bug causing the chain of weaknesses underlying a software security vulnerability. It must be fixed to fix the bug and to resolve the vulnerability.
   Under-Restrictive Policy | Accepts bad data.
   Over-Restrictive Policy | Rejects good data.
Data Fault | The object data has harmed semantics or inconsistent or wrong value.
   Corrupted Data | Unintentionally modified data due to a previous weakness (e.g., with a decompress or a decrypt operation); would lead to invalid data for next weakness.
   Tampered Data | Maliciously modified data due to a previous weakness (e.g., with a deserialize, authorize, or crypto verify operation); would lead to injection.
   Corrupted Policy Data | Unintentionally modified policy data (the values the policy checks for) due to a previous weakness.
   Tampered Policy Data | Maliciously modified policy data (the values the policy checks for) due to a previous weakness.
Consequences | Definition
Data Error | The object data has harmed semantics or inconsistent or wrong value.
   Invalid Data | Data with harmed syntax due to sanitization errors.
Injection Final Error | An exploitable or undefined system behavior caused by 'code separation' data validation bugs.
   Query Injection | Maliciously inserted condition parts (e.g., or 1==1) or entire commands (e.g., drop table) into an input used to construct a database query.
   Command Injection | Maliciously inserted new commands into the input to a command sent to an OS or a server.
   Source Code Injection | Maliciously inserted new code (incl. with <> elements) into an input used as a part of an executing application code.
   Parameter Injection | Maliciously inserted data (e.g., with & parameter separator) into an input used as a parameter/argument in other parts of the code.
   File Injection | Maliciously inserted data (e.g., with .. and / or with file entries) into an input used to access/modify files or as a file content.
Operations Attributes | Definition
Mechanism | Shows how the buggy/faulty operation code is performed.
   Safelist | A policy based on a set of known good content.
   Denylist | A policy based on a set of known bad content; helps reject outright maliciously malformed data.
   Format | A policy based on syntax format (e.g., defined via regular expression).
   Length | A policy based on allowed number of characters in data. Note that this is not about the data value as size of an object.
Source Code | Shows where the buggy/faulty operation code is in the program -- in what kind of software.
   Codebase | The operation is in the programmer's code -- in the application itself.
   Third-Party | The operation is in a third-party software.
   Standard Library | The operation is in the standard library for a particular programming language.
   Compiler/Interpreter | The operation is in the language processor that allows execution or creates executables (compiler, assembler, interpreter).
Execution Space | Shows where the buggy/faulty operation code is running or with what privilege level.
   Local | The bugged code runs in an environment with access control policy with limited (local user) permission.
   Admin | The bugged code runs in an environment with access control policy with unlimited (admin user) permission.
   Bare-Metal | The bugged code runs in an environment without privilege control. Usually, the program is the only software running and has total access to the hardware.
Operands Attributes | Definition
Data State | Shows where the data come from.
   Entered | The data are from a user via a user interface (e.g., text field).
   Stored | The data are from a permanent storage (e.g., file, database on a storage device).
   In Use | The data are from a volatile storage (e.g., RAM, cache memory).
   Transferred | The data are from another device via a network (e.g., connecting analog device or another computer).
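
An added example, not part of the BF page: a Python sketch that places the Validate and Sanitize operations, using the Denylist, Format and Length mechanisms, in front of a concatenated SQLite query, so that an Under-Restrictive Policy ends in Query Injection and an Over-Restrictive Policy rejects good data. The table, the policies and every function name are constructed for illustration.

```python
import re
import sqlite3

# Constructed policies, one per BF mechanism; names and values are assumptions.
DENYLIST = ("drop table", ";", "--")            # Denylist: known bad content
FORMAT = re.compile(r"[A-Za-z][A-Za-z0-9_]*")   # Format: allowed syntax
MAX_LEN = 16                                    # Length: allowed character count

def validate_denylist(data):
    """Reject only data that contains a known-bad substring."""
    return not any(bad in data.lower() for bad in DENYLIST)

def validate_format_length(data):
    """Accept only data that fits the length bound and matches the format."""
    return len(data) <= MAX_LEN and FORMAT.fullmatch(data) is not None

def sanitize(data):
    """Sanitize (escape): double single quotes so they stay inside the SQL literal."""
    return data.replace("'", "''")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",), ("O'Brien",)])
    return db

def lookup(db, name, validate, clean=lambda s: s):
    """Validate (and optionally sanitize) name, then concatenate it into a query."""
    if not validate(name):
        return None  # rejected by the policy
    query = "SELECT name FROM users WHERE name = '" + clean(name) + "'"
    return [row[0] for row in db.execute(query)]

def classify(is_good, accepted):
    """Name the BF policy cause for a wrong accept/reject decision."""
    if accepted and not is_good:
        return "Under-Restrictive Policy"
    if not accepted and is_good:
        return "Over-Restrictive Policy"
    return "correct decision"

if __name__ == "__main__":
    db = make_db()
    tampered = "x' OR '1'='1"  # constructed input with an inserted condition part
    print(lookup(db, tampered, validate_denylist))       # all rows: Query Injection
    print(lookup(db, tampered, validate_format_length))  # None: rejected
    print(lookup(db, "O'Brien", validate_denylist, sanitize))  # ["O'Brien"]
    print(classify(True, validate_format_length("O'Brien")))   # Over-Restrictive Policy
```

Binding the value as a query parameter instead of concatenating it removes the injection sink entirely, independent of which validation policy runs in front of it.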