CQE-99: Name or Reference Resolution Improper Input Neutralization

 
Name or Reference Resolution Improper Input Neutralization
Quality Issue ID: 99 Maturity: Preliminary
+ Description

Description Summary

This pattern identifies situations where an external value is entered into the application through the user interface ReadsUI action, transformed throughout the application along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, and ultimately used in the platform action to access a resource by its name; none of the callable or method control element of the transformation sequence being a vetted sanitization callable and method control elements from the list of vetted sanitization callable and method control elements.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains to
View
ChildOf
Ch
Characteristic
9115Security
Default Graph (primary)9001
ChildOf
Pr
Practice
9127Resource Identification Control
Quality Issues Organized by Practices (primary)9002
CanPrecede
Co
Consequence
9152Unauthorized Access to Sensitive Information
Default Graph (primary)9001

Related Taxonomy Entries

TaxonomyVersionRelated ID
ASCSM1ASCSM-CWE-99
CWE2.1199
+ References
"Automated Source Code Security Measure (ASCSM)". ASCSM-CWE-99. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>.
Page Last Updated or Reviewed: October 01, 2017