TRUST BOUNDARY VIOLATION

Feature Value
Type Detection
Risk -
Covered by Agent

A trust boundary can be thought of as a line drawn through a program. On one side of the line, data is untrusted. On the other side of the line, data is assumed to be trustworthy. The purpose of validation logic is to allow data to safely cross the trust boundary - to move from untrusted to trusted. A trust boundary violation occurs when a program blurs the line between what is trusted and what is untrusted. By combining trusted and untrusted data in the same data structure, it becomes easier for programmers to mistakenly trust unvalidated data.

The most common way to blur that line is to store untrusted data in HTTP Session without properly validating it beforehand. By doing so, developers are likely to assume that data stored in the session came from the application itself, and not from the user, and may use the data in a way that is unsafe.

More information

How to solve it

Proper input validation and output encoding should be used on data before moving it into trusted boundaries.

Sample Code Snippet:

String sessionPolicyId = request.getParameter("id");
if(sessionPolicyId.matches("[0-9a-zA-Z_]+") {
session.setAttribute("sessionPolicyId",sessionPolicyId);
}