CQE-129: Array Index Improper Input Neutralization

 
Array Index Improper Input Neutralization
[an error occurred while processing this directive] Definition in a New Window Definition in a New Window
Quality Issue ID: 129 Maturity: Preliminary
+ Description

Description Summary

This pattern identifies situations where an external value is entered into the application through the user interface ReadsUI action, transformed throughout the application along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, and ultimately used in the read or write action to access the array; none of the callable or method control element of the transformation sequence being a range check callable and method control element with regards to the array index.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains to
View
ChildOf
Pr
Practice		9049Array Indexing
Quality Issues Organized by Practices (primary)9002
ChildOf
Ch
Characteristic		9115Security
Default Graph (primary)9001
CanPrecede
Co
Consequence		9038Loss of Data Integrity
Default Graph (primary)9001
CanPrecede
Co
Consequence		9143Failure
Default Graph (primary)9001
CanPrecede
Co
Consequence		9152Unauthorized Access to Sensitive Information
Default Graph (primary)9001

Related Taxonomy Entries

TaxonomyVersionRelated ID
ASCSM1ASCSM-CWE-129
CWE2.11129
+ References
"Automated Source Code Security Measure (ASCSM)". ASCSM-CWE-129. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>.
Page Last Updated or Reviewed: October 01, 2017