[
  {
    "instruction": "How can the CWE weakness \"Improper Neutralization of Script in Attributes in a Web Page\" be detected?",
    "context": "",
    "output": "Here are methods to detect CWE Improper Neutralization of Script in Attributes in a Web Page:\n(1) Method:Automated Static Analysis.\nDescription: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.).\nEffectiveness: None.",
    "category": "CWE_Flan",
    "instruction_type": "cwe_detection_methods",
    "parsed_raw_data": {
      "CWE-ID": 83,
      "Name": "Improper Neutralization of Script in Attributes in a Web Page",
      "Weakness Abstraction": "Variant",
      "Status": "Draft",
      "Description": "The product does not neutralize or incorrectly neutralizes javascript: or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.",
      "Extended Description": "",
      "Related Weaknesses": "::NATURE:ChildOf:CWE ID:79:VIEW ID:1000:ORDINAL:Primary::",
      "Weakness Ordinalities": "::ORDINALITY:Primary::",
      "Applicable Platforms": "::LANGUAGE CLASS:Not Language-Specific:LANGUAGE PREVALENCE:Undetermined::",
      "Background Details": "",
      "Alternate Terms": "",
      "Modes Of Introduction": "::PHASE:Implementation::",
      "Exploitation Factors": "",
      "Likelihood of Exploit": "",
      "Common Consequences": "::SCOPE:Confidentiality:SCOPE:Integrity:SCOPE:Availability:IMPACT:Read Application Data:IMPACT:Execute Unauthorized Code or Commands::",
      "Detection Methods": "::METHOD:Automated Static Analysis:DESCRIPTION:Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.):EFFECTIVENESS:High::",
      "Potential Mitigations": "::PHASE:Implementation:DESCRIPTION:Carefully check each input parameter against a rigorous positive specification (allowlist) defining the specific characters and format allowed. All input should be neutralized, not just parameters that the user is supposed to specify, but all data in the request, including tag attributes, hidden fields, cookies, headers, the URL itself, and so forth. A common mistake that leads to continuing XSS vulnerabilities is to validate only fields that are expected to be redisplayed by the site. We often encounter data from the request that is reflected by the application server or the application that the development team did not anticipate. Also, a field that is not currently reflected may be used by a future developer. Therefore, validating ALL parts of the HTTP request is recommended.::PHASE:Implementation:STRATEGY:Output Encoding:DESCRIPTION:Use and specify an output encoding that can be handled by the downstream component that is reading the output. Common encodings include ISO-8859-1, UTF-7, and UTF-8. When an encoding is not specified, a downstream component may choose a different encoding, either by assuming a default encoding or automatically inferring which encoding is being used, which can be erroneous. When the encodings are inconsistent, the downstream component might treat some character or byte sequences as special, even if they are not special in the original encoding. Attackers might then be able to exploit this discrepancy and conduct injection attacks; they even might be able to bypass protection mechanisms that assume the original encoding is also being used by the downstream component. The problem of inconsistent output encodings often arises in web pages. If an encoding is not specified in an HTTP header, web browsers often guess about which encoding is being used. This can open up the browser to subtle XSS attacks.::PHASE:Implementation:DESCRIPTION:With Struts, write all data from form beans with the bean's filter attribute set to true.::PHASE:Implementation:STRATEGY:Attack Surface Reduction:DESCRIPTION:To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.:EFFECTIVENESS:Defense in Depth::",
      "Observed Examples": "::REFERENCE:CVE-2001-0520:DESCRIPTION:Bypass filtering of SCRIPT tags using onload in BODY, href in A, BUTTON, INPUT, and others.:LINK:https://www.cve.org/CVERecord?id=CVE-2001-0520::REFERENCE:CVE-2002-1493:DESCRIPTION:guestbook XSS in STYLE or IMG SRC attributes.:LINK:https://www.cve.org/CVERecord?id=CVE-2002-1493::REFERENCE:CVE-2002-1965:DESCRIPTION:Javascript in onerror attribute of IMG tag.:LINK:https://www.cve.org/CVERecord?id=CVE-2002-1965::REFERENCE:CVE-2002-1495:DESCRIPTION:XSS in web-based email product via onmouseover event.:LINK:https://www.cve.org/CVERecord?id=CVE-2002-1495::REFERENCE:CVE-2002-1681:DESCRIPTION:XSS via script in <P> tag.:LINK:https://www.cve.org/CVERecord?id=CVE-2002-1681::REFERENCE:CVE-2004-1935:DESCRIPTION:Onload, onmouseover, and other events in an e-mail attachment.:LINK:https://www.cve.org/CVERecord?id=CVE-2004-1935::REFERENCE:CVE-2005-0945:DESCRIPTION:Onmouseover and onload events in img, link, and mail tags.:LINK:https://www.cve.org/CVERecord?id=CVE-2005-0945::REFERENCE:CVE-2003-1136:DESCRIPTION:Javascript in onmouseover attribute in e-mail address or URL.:LINK:https://www.cve.org/CVERecord?id=CVE-2003-1136::",
      "Functional Areas": "",
      "Affected Resources": "",
      "Taxonomy Mappings": "::TAXONOMY NAME:PLOVER:ENTRY NAME:XSS using Script in Attributes::TAXONOMY NAME:Software Fault Patterns:ENTRY ID:SFP24:ENTRY NAME:Tainted input to command::",
      "Related Attack Patterns": "::243::244::588::",
      "Notes": ""
    }
  },
  {
    "instruction": "List the detection techniques for CWE \"Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')\".",
    "context": "",
    "output": "Below are detection techniques applicable to CWE Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection'):\n(1) Method:Automated Static Analysis.\nDescription: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.).\nEffectiveness: None.",
    "category": "CWE_Flan",
    "instruction_type": "cwe_detection_methods",
    "parsed_raw_data": {
      "CWE-ID": 90,
      "Name": "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')",
      "Weakness Abstraction": "Base",
      "Status": "Draft",
      "Description": "The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.",
      "Extended Description": "",
      "Related Weaknesses": "::NATURE:ChildOf:CWE ID:943:VIEW ID:1000:ORDINAL:Primary::",
      "Weakness Ordinalities": "",
      "Applicable Platforms": "::LANGUAGE CLASS:Not Language-Specific:LANGUAGE PREVALENCE:Undetermined::TECHNOLOGY NAME:Database Server:TECHNOLOGY PREVALENCE:Undetermined::",
      "Background Details": "",
      "Alternate Terms": "",
      "Modes Of Introduction": "::PHASE:Implementation:NOTE:REALIZATION: This weakness is caused during implementation of an architectural security tactic.::",
      "Exploitation Factors": "",
      "Likelihood of Exploit": "",
      "Common Consequences": "::SCOPE:Confidentiality:SCOPE:Integrity:SCOPE:Availability:IMPACT:Execute Unauthorized Code or Commands:IMPACT:Read Application Data:IMPACT:Modify Application Data:NOTE:An attacker could include input that changes the LDAP query which allows unintended commands or code to be executed, allows sensitive data to be read or modified or causes other unintended behavior.::",
      "Detection Methods": "::METHOD:Automated Static Analysis:DESCRIPTION:Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.):EFFECTIVENESS:High::",
      "Potential Mitigations": "::PHASE:Implementation:STRATEGY:Input Validation:DESCRIPTION:Assume all input is malicious. Use an accept known good input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, boat may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as red or blue. Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.::",
      "Observed Examples": "::REFERENCE:CVE-2021-41232:DESCRIPTION:Chain: authentication routine in Go-based agile development product does not escape user name (CWE-116), allowing LDAP injection (CWE-90):LINK:https://www.cve.org/CVERecord?id=CVE-2021-41232::REFERENCE:CVE-2005-2301:DESCRIPTION:Server does not properly escape LDAP queries, which allows remote attackers to cause a DoS and possibly conduct an LDAP injection attack.:LINK:https://www.cve.org/CVERecord?id=CVE-2005-2301::",
      "Functional Areas": "",
      "Affected Resources": "",
      "Taxonomy Mappings": "::TAXONOMY NAME:PLOVER:ENTRY NAME:LDAP injection::TAXONOMY NAME:OWASP Top Ten 2007:ENTRY ID:A2:ENTRY NAME:Injection Flaws:MAPPING FIT:CWE More Specific::TAXONOMY NAME:WASC:ENTRY ID:29:ENTRY NAME:LDAP Injection::TAXONOMY NAME:Software Fault Patterns:ENTRY ID:SFP24:ENTRY NAME:Tainted input to command::",
      "Related Attack Patterns": "::136::",
      "Notes": "::TYPE:Relationship:NOTE:Factors: resultant to special character mismanagement, MAID, or denylist/allowlist problems. Can be primary to authentication and verification errors.::"
    }
  },
  {
    "instruction": "How can the CWE weakness \"Creation of Temporary File in Directory with Insecure Permissions\" be detected?",
    "context": "",
    "output": "Here are methods to detect CWE Creation of Temporary File in Directory with Insecure Permissions:\n(1) Method:Automated Static Analysis.\nDescription: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.).\nEffectiveness: None.",
    "category": "CWE_Flan",
    "instruction_type": "cwe_detection_methods",
    "parsed_raw_data": {
      "CWE-ID": 379,
      "Name": "Creation of Temporary File in Directory with Insecure Permissions",
      "Weakness Abstraction": "Base",
      "Status": "Incomplete",
      "Description": "The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.",
      "Extended Description": "On some operating systems, the fact that the temporary file exists may be apparent to any user with sufficient privileges to access that directory. Since the file is visible, the application that is using the temporary file could be known. If one has access to list the processes on the system, the attacker has gained information about what the user is doing at that time. By correlating this with the applications the user is running, an attacker could potentially discover what a user's actions are. From this, higher levels of security could be breached.",
      "Related Weaknesses": "::NATURE:ChildOf:CWE ID:377:VIEW ID:1000:ORDINAL:Primary::",
      "Weakness Ordinalities": "",
      "Applicable Platforms": "::LANGUAGE CLASS:Not Language-Specific:LANGUAGE PREVALENCE:Undetermined::",
      "Background Details": "",
      "Alternate Terms": "",
      "Modes Of Introduction": "::PHASE:Implementation::",
      "Exploitation Factors": "",
      "Likelihood of Exploit": "",
      "Common Consequences": "::SCOPE:Confidentiality:IMPACT:Read Application Data:NOTE:Since the file is visible and the application which is using the temp file could be known, the attacker has gained information about what the user is doing at that time.::",
      "Detection Methods": "::METHOD:Automated Static Analysis:DESCRIPTION:Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.):EFFECTIVENESS:High::",
      "Potential Mitigations": "::PHASE:Requirements:DESCRIPTION:Many contemporary languages have functions which properly handle this condition. Older C temp file functions are especially susceptible.::PHASE:Implementation:DESCRIPTION:Try to store sensitive tempfiles in a directory which is not world readable -- i.e., per-user directories.::PHASE:Implementation:DESCRIPTION:Avoid using vulnerable temp file functions.::",
      "Observed Examples": "",
      "Functional Areas": "",
      "Affected Resources": "",
      "Taxonomy Mappings": "::TAXONOMY NAME:CLASP:ENTRY NAME:Guessed or visible temporary file::TAXONOMY NAME:CERT C Secure Coding:ENTRY ID:FIO15-C:ENTRY NAME:Ensure that file operations are performed in a secure directory::",
      "Related Attack Patterns": "",
      "Notes": ""
    }
  },
  {
    "instruction": "List the detection techniques for CWE \"Improper Link Resolution Before File Access ('Link Following')\".",
    "context": "",
    "output": "Below are detection techniques applicable to CWE Improper Link Resolution Before File Access ('Link Following'):\n(1) Method:Automated Static Analysis - Binary or Bytecode.\nDescription: According to SOAR, the following detection techniques may be useful: Cost effective for partial coverage: Bytecode Weakness Analysis - including disassembler + source code weakness analysis.\nEffectiveness: None.\n(2) Method:Manual Static Analysis - Binary or Bytecode.\nDescription: According to SOAR, the following detection techniques may be useful: Cost effective for partial coverage: Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies.\nEffectiveness: None.\n(3) Method:Dynamic Analysis with Automated Results Interpretation.\nDescription: According to SOAR, the following detection techniques may be useful: Cost effective for partial coverage: Web Application Scanner Web Services Scanner Database Scanners.\nEffectiveness: None.\n(4) Method:Dynamic Analysis with Manual Results Interpretation.\nDescription: According to SOAR, the following detection techniques may be useful: Cost effective for partial coverage: Fuzz Tester Framework-based Fuzzer.\nEffectiveness: None.\n(5) Method:Manual Static Analysis - Source Code.\nDescription: According to SOAR, the following detection techniques may be useful: Highly cost effective: Focused Manual Spotcheck - Focused manual analysis of source Manual Source Code Review (not inspections).\nEffectiveness: None.\n(6) Method:Automated Static Analysis - Source Code.\nDescription: According to SOAR, the following detection techniques may be useful: Cost effective for partial coverage: Source code Weakness Analyzer Context-configured Source Code Weakness Analyzer.\nEffectiveness: None.\n(7) Method:Architecture or Design Review.\nDescription: According to SOAR, the following detection techniques may be useful: Highly cost effective: Formal Methods / Correct-By-Construction Cost effective for partial coverage: Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.).\nEffectiveness: None.",
    "category": "CWE_Flan",
    "instruction_type": "cwe_detection_methods",
    "parsed_raw_data": {
      "CWE-ID": 59,
      "Name": "Improper Link Resolution Before File Access ('Link Following')",
      "Weakness Abstraction": "Base",
      "Status": "Draft",
      "Description": "The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.",
      "Extended Description": "",
      "Related Weaknesses": "::NATURE:ChildOf:CWE ID:706:VIEW ID:1000:ORDINAL:Primary::NATURE:ChildOf:CWE ID:706:VIEW ID:1003:ORDINAL:Primary::",
      "Weakness Ordinalities": "::ORDINALITY:Resultant::",
      "Applicable Platforms": "::LANGUAGE CLASS:Not Language-Specific:LANGUAGE PREVALENCE:Undetermined::OPERATING SYSTEM CLASS:Windows:OPERATING SYSTEM PREVALENCE:Sometimes::OPERATING SYSTEM CLASS:Unix:OPERATING SYSTEM PREVALENCE:Often::",
      "Background Details": "::Soft links are a UNIX term that is synonymous with simple shortcuts on Windows-based platforms.::",
      "Alternate Terms": "::TERM:insecure temporary file:DESCRIPTION:Some people use the phrase insecure temporary file when referring to a link following weakness, but other weaknesses can produce insecure temporary files without any symlink involvement at all.::TERM:Zip Slip:DESCRIPTION:Zip slip is an attack that uses file archives (e.g., ZIP, tar, rar, etc.) that contain filenames with path traversal sequences that cause the files to be written outside of the directory under which the archive is expected to be extracted [REF-1282]. It is most commonly used for relative path traversal (CWE-23) and link following (CWE-59).::",
      "Modes Of Introduction": "::PHASE:Implementation:NOTE:REALIZATION: This weakness is caused during implementation of an architectural security tactic.::",
      "Exploitation Factors": "",
      "Likelihood of Exploit": "",
      "Common Consequences": "::SCOPE:Confidentiality:SCOPE:Integrity:SCOPE:Access Control:IMPACT:Read Files or Directories:IMPACT:Modify Files or Directories:IMPACT:Bypass Protection Mechanism:NOTE:An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. If the files are used for a security mechanism then an attacker may be able to bypass the mechanism.::SCOPE:Other:IMPACT:Execute Unauthorized Code or Commands:NOTE:Windows simple shortcuts, sometimes referred to as soft links, can be exploited remotely since a .LNK file can be uploaded like a normal file. This can enable remote execution.::",
      "Detection Methods": "::METHOD:Automated Static Analysis - Binary or Bytecode:DESCRIPTION:According to SOAR, the following detection techniques may be useful: Cost effective for partial coverage: Bytecode Weakness Analysis - including disassembler + source code weakness analysis:EFFECTIVENESS:SOAR Partial::METHOD:Manual Static Analysis - Binary or Bytecode:DESCRIPTION:According to SOAR, the following detection techniques may be useful: Cost effective for partial coverage: Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies:EFFECTIVENESS:SOAR Partial::METHOD:Dynamic Analysis with Automated Results Interpretation:DESCRIPTION:According to SOAR, the following detection techniques may be useful: Cost effective for partial coverage: Web Application Scanner Web Services Scanner Database Scanners:EFFECTIVENESS:SOAR Partial::METHOD:Dynamic Analysis with Manual Results Interpretation:DESCRIPTION:According to SOAR, the following detection techniques may be useful: Cost effective for partial coverage: Fuzz Tester Framework-based Fuzzer:EFFECTIVENESS:SOAR Partial::METHOD:Manual Static Analysis - Source Code:DESCRIPTION:According to SOAR, the following detection techniques may be useful: Highly cost effective: Focused Manual Spotcheck - Focused manual analysis of source Manual Source Code Review (not inspections):EFFECTIVENESS:High::METHOD:Automated Static Analysis - Source Code:DESCRIPTION:According to SOAR, the following detection techniques may be useful: Cost effective for partial coverage: Source code Weakness Analyzer Context-configured Source Code Weakness Analyzer:EFFECTIVENESS:SOAR Partial::METHOD:Architecture or Design Review:DESCRIPTION:According to SOAR, the following detection techniques may be useful: Highly cost effective: Formal Methods / Correct-By-Construction Cost effective for partial coverage: Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.):EFFECTIVENESS:High::",
      "Potential Mitigations": "::PHASE:Architecture and Design:STRATEGY:Separation of Privilege:DESCRIPTION:Follow the principle of least privilege when assigning access rights to entities in a software system. Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.::",
      "Observed Examples": "::REFERENCE:CVE-1999-1386:DESCRIPTION:Some versions of Perl follow symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack.:LINK:https://www.cve.org/CVERecord?id=CVE-1999-1386::REFERENCE:CVE-2000-1178:DESCRIPTION:Text editor follows symbolic links when creating a rescue copy during an abnormal exit, which allows local users to overwrite the files of other users.:LINK:https://www.cve.org/CVERecord?id=CVE-2000-1178::REFERENCE:CVE-2004-0217:DESCRIPTION:Antivirus update allows local users to create or append to arbitrary files via a symlink attack on a logfile.:LINK:https://www.cve.org/CVERecord?id=CVE-2004-0217::REFERENCE:CVE-2003-0517:DESCRIPTION:Symlink attack allows local users to overwrite files.:LINK:https://www.cve.org/CVERecord?id=CVE-2003-0517::REFERENCE:CVE-2004-0689:DESCRIPTION:Window manager does not properly handle when certain symbolic links point to stale locations, which could allow local users to create or truncate arbitrary files.:LINK:https://www.cve.org/CVERecord?id=CVE-2004-0689::REFERENCE:CVE-2005-1879:DESCRIPTION:Second-order symlink vulnerabilities:LINK:https://www.cve.org/CVERecord?id=CVE-2005-1879::REFERENCE:CVE-2005-1880:DESCRIPTION:Second-order symlink vulnerabilities:LINK:https://www.cve.org/CVERecord?id=CVE-2005-1880::REFERENCE:CVE-2005-1916:DESCRIPTION:Symlink in Python program:LINK:https://www.cve.org/CVERecord?id=CVE-2005-1916::REFERENCE:CVE-2000-0972:DESCRIPTION:Setuid product allows file reading by replacing a file being edited with a symlink to the targeted file, leaking the result in error messages when parsing fails.:LINK:https://www.cve.org/CVERecord?id=CVE-2000-0972::REFERENCE:CVE-2005-0824:DESCRIPTION:Signal causes a dump that follows symlinks.:LINK:https://www.cve.org/CVERecord?id=CVE-2005-0824::REFERENCE:CVE-2001-1494:DESCRIPTION:Hard link attack, file overwrite; interesting because program checks against soft links:LINK:https://www.cve.org/CVERecord?id=CVE-2001-1494::REFERENCE:CVE-2002-0793:DESCRIPTION:Hard link and possibly symbolic link following vulnerabilities in embedded operating system allow local users to overwrite arbitrary files.:LINK:https://www.cve.org/CVERecord?id=CVE-2002-0793::REFERENCE:CVE-2003-0578:DESCRIPTION:Server creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.:LINK:https://www.cve.org/CVERecord?id=CVE-2003-0578::REFERENCE:CVE-1999-0783:DESCRIPTION:Operating system allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.:LINK:https://www.cve.org/CVERecord?id=CVE-1999-0783::REFERENCE:CVE-2004-1603:DESCRIPTION:Web hosting manager follows hard links, which allows local users to read or modify arbitrary files.:LINK:https://www.cve.org/CVERecord?id=CVE-2004-1603::REFERENCE:CVE-2004-1901:DESCRIPTION:Package listing system allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.:LINK:https://www.cve.org/CVERecord?id=CVE-2004-1901::REFERENCE:CVE-2005-1111:DESCRIPTION:Hard link race condition:LINK:https://www.cve.org/CVERecord?id=CVE-2005-1111::REFERENCE:CVE-2000-0342:DESCRIPTION:Mail client allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka Stealth Attachment.:LINK:https://www.cve.org/CVERecord?id=CVE-2000-0342::REFERENCE:CVE-2001-1042:DESCRIPTION:FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.:LINK:https://www.cve.org/CVERecord?id=CVE-2001-1042::REFERENCE:CVE-2001-1043:DESCRIPTION:FTP server allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.:LINK:https://www.cve.org/CVERecord?id=CVE-2001-1043::REFERENCE:CVE-2005-0587:DESCRIPTION:Browser allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.:LINK:https://www.cve.org/CVERecord?id=CVE-2005-0587::REFERENCE:CVE-2001-1386:DESCRIPTION:.LNK. - .LNK with trailing dot:LINK:https://www.cve.org/CVERecord?id=CVE-2001-1386::REFERENCE:CVE-2003-1233:DESCRIPTION:Rootkits can bypass file access restrictions to Windows kernel directories using NtCreateSymbolicLinkObject function to create symbolic link:LINK:https://www.cve.org/CVERecord?id=CVE-2003-1233::REFERENCE:CVE-2002-0725:DESCRIPTION:File system allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.:LINK:https://www.cve.org/CVERecord?id=CVE-2002-0725::REFERENCE:CVE-2003-0844:DESCRIPTION:Web server plugin allows local users to overwrite arbitrary files via a symlink attack on predictable temporary filenames.:LINK:https://www.cve.org/CVERecord?id=CVE-2003-0844::REFERENCE:CVE-2015-3629:DESCRIPTION:A Libcontainer used in Docker Engine allows local users to escape containerization and write to an arbitrary file on the host system via a symlink attack in an image when respawning a container.:LINK:https://www.cve.org/CVERecord?id=CVE-2015-3629::REFERENCE:CVE-2021-21272:DESCRIPTION:Zip Slip vulnerability in Go-based Open Container Initiative (OCI) registries product allows writing arbitrary files outside intended directory via symbolic links or hard links in a gzipped tarball.:LINK:https://www.cve.org/CVERecord?id=CVE-2021-21272::REFERENCE:CVE-2020-27833:DESCRIPTION:Zip Slip vulnerability in container management product allows writing arbitrary files outside intended directory via a container image (.tar format) with filenames that are symbolic links that point to other files within the same tar file; however, the files being pointed to can also be symbolic links to destinations outside the intended directory, bypassing the initial check.:LINK:https://www.cve.org/CVERecord?id=CVE-2020-27833::",
      "Functional Areas": "::File Processing::",
      "Affected Resources": "::File or Directory::",
      "Taxonomy Mappings": "::TAXONOMY NAME:PLOVER:ENTRY NAME:Link Following::TAXONOMY NAME:CERT C Secure Coding:ENTRY ID:FIO02-C:ENTRY NAME:Canonicalize path names originating from untrusted sources::TAXONOMY NAME:CERT C Secure Coding:ENTRY ID:POS01-C:ENTRY NAME:Check for the existence of links when dealing with files::TAXONOMY NAME:SEI CERT Perl Coding Standard:ENTRY ID:FIO01-PL:ENTRY NAME:Do not operate on files that can be modified by untrusted users:MAPPING FIT:CWE More Specific::TAXONOMY NAME:Software Fault Patterns:ENTRY ID:SFP18:ENTRY NAME:Link in resource name resolution::",
      "Related Attack Patterns": "::132::17::35::76::",
      "Notes": "::TYPE:Theoretical:NOTE:Link following vulnerabilities are Multi-factor Vulnerabilities (MFV). They are the combination of multiple elements: file or directory permissions, filename predictability, race conditions, and in some cases, a design limitation in which there is no mechanism for performing atomic file creation operations. Some potential factors are race conditions, permissions, and predictability.::"
    }
  },
  {
    "instruction": "List the detection techniques for CWE \"Access of Memory Location After End of Buffer\".",
    "context": "",
    "output": "Below are detection techniques applicable to CWE Access of Memory Location After End of Buffer:\n(1) Method:Fuzzing.\nDescription: Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues..\nEffectiveness: None.\n(2) Method:Automated Static Analysis.\nDescription: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.).\nEffectiveness: None.",
    "category": "CWE_Flan",
    "instruction_type": "cwe_detection_methods",
    "parsed_raw_data": {
      "CWE-ID": 788,
      "Name": "Access of Memory Location After End of Buffer",
      "Weakness Abstraction": "Base",
      "Status": "Incomplete",
      "Description": "The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.",
      "Extended Description": "This typically occurs when a pointer or its index is incremented to a position after the buffer; or when pointer arithmetic results in a position after the buffer.",
      "Related Weaknesses": "::NATURE:ChildOf:CWE ID:119:VIEW ID:1000:ORDINAL:Primary::NATURE:ChildOf:CWE ID:119:VIEW ID:1305:ORDINAL:Primary::NATURE:ChildOf:CWE ID:119:VIEW ID:1340:ORDINAL:Primary::",
      "Weakness Ordinalities": "",
      "Applicable Platforms": "",
      "Background Details": "",
      "Alternate Terms": "",
      "Modes Of Introduction": "",
      "Exploitation Factors": "",
      "Likelihood of Exploit": "",
      "Common Consequences": "::SCOPE:Confidentiality:IMPACT:Read Memory:NOTE:For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffers position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences.::SCOPE:Integrity:SCOPE:Availability:IMPACT:Modify Memory:IMPACT:DoS: Crash, Exit, or Restart:NOTE:Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.::SCOPE:Integrity:IMPACT:Modify Memory:IMPACT:Execute Unauthorized Code or Commands:NOTE:If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow. If the attacker can overwrite a pointer's worth of memory (usually 32 or 64 bits), they can redirect a function pointer to their own malicious code. Even when the attacker can only modify a single byte arbitrary code execution can be possible. Sometimes this is because the same problem can be exploited repeatedly to the same effect. Other times it is because the attacker can overwrite security-critical application-specific data -- such as a flag indicating whether the user is an administrator.::",
      "Detection Methods": "::METHOD:Fuzzing:DESCRIPTION:Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.:EFFECTIVENESS:High::METHOD:Automated Static Analysis:DESCRIPTION:Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.):EFFECTIVENESS:High::",
      "Potential Mitigations": "",
      "Observed Examples": "::REFERENCE:CVE-2009-2550:DESCRIPTION:Classic stack-based buffer overflow in media player using a long entry in a playlist:LINK:https://www.cve.org/CVERecord?id=CVE-2009-2550::REFERENCE:CVE-2009-2403:DESCRIPTION:Heap-based buffer overflow in media player using a long entry in a playlist:LINK:https://www.cve.org/CVERecord?id=CVE-2009-2403::REFERENCE:CVE-2009-0689:DESCRIPTION:large precision value in a format string triggers overflow:LINK:https://www.cve.org/CVERecord?id=CVE-2009-0689::REFERENCE:CVE-2009-0558:DESCRIPTION:attacker-controlled array index leads to code execution:LINK:https://www.cve.org/CVERecord?id=CVE-2009-0558::REFERENCE:CVE-2008-4113:DESCRIPTION:OS kernel trusts userland-supplied length value, allowing reading of sensitive information:LINK:https://www.cve.org/CVERecord?id=CVE-2008-4113::REFERENCE:CVE-2007-4268:DESCRIPTION:Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122):LINK:https://www.cve.org/CVERecord?id=CVE-2007-4268::",
      "Functional Areas": "",
      "Affected Resources": "",
      "Taxonomy Mappings": "::TAXONOMY NAME:OMG ASCRM:ENTRY ID:ASCRM-CWE-788::",
      "Related Attack Patterns": "",
      "Notes": ""
    }
  },
  {
    "instruction": "List the detection techniques for CWE \"Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')\".",
    "context": "",
    "output": "Below are detection techniques applicable to CWE Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection'):\n(1) Method:Automated Static Analysis.\nDescription: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.).\nEffectiveness: None.",
    "category": "CWE_Flan",
    "instruction_type": "cwe_detection_methods",
    "parsed_raw_data": {
      "CWE-ID": 470,
      "Name": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')",
      "Weakness Abstraction": "Base",
      "Status": "Draft",
      "Description": "The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.",
      "Extended Description": "If the product uses external inputs to determine which class to instantiate or which method to invoke, then an attacker could supply values to select unexpected classes or methods. If this occurs, then the attacker could create control flow paths that were not intended by the developer. These paths could bypass authentication or access control checks, or otherwise cause the product to behave in an unexpected manner. This situation becomes a doomsday scenario if the attacker can upload files into a location that appears on the product's classpath (CWE-427) or add new entries to the product's classpath (CWE-426). Under either of these conditions, the attacker can use reflection to introduce new, malicious behavior into the product.",
      "Related Weaknesses": "::NATURE:ChildOf:CWE ID:913:VIEW ID:1000:ORDINAL:Primary::NATURE:ChildOf:CWE ID:913:VIEW ID:1003:ORDINAL:Primary::NATURE:ChildOf:CWE ID:610:VIEW ID:1000::NATURE:ChildOf:CWE ID:20:VIEW ID:700:ORDINAL:Primary::",
      "Weakness Ordinalities": "",
      "Applicable Platforms": "::LANGUAGE NAME:Java:LANGUAGE PREVALENCE:Undetermined::LANGUAGE NAME:PHP:LANGUAGE PREVALENCE:Undetermined::LANGUAGE CLASS:Interpreted:LANGUAGE PREVALENCE:Sometimes::",
      "Background Details": "",
      "Alternate Terms": "::TERM:Reflection Injection::",
      "Modes Of Introduction": "::PHASE:Architecture and Design::PHASE:Implementation::",
      "Exploitation Factors": "",
      "Likelihood of Exploit": "",
      "Common Consequences": "::SCOPE:Integrity:SCOPE:Confidentiality:SCOPE:Availability:SCOPE:Other:IMPACT:Execute Unauthorized Code or Commands:IMPACT:Alter Execution Logic:NOTE:The attacker might be able to execute code that is not directly accessible to the attacker. Alternately, the attacker could call unexpected code in the wrong place or the wrong time, possibly modifying critical system state.::SCOPE:Availability:SCOPE:Other:IMPACT:DoS: Crash, Exit, or Restart:IMPACT:Other:NOTE:The attacker might be able to use reflection to call the wrong code, possibly with unexpected arguments that violate the API (CWE-227). This could cause the product to exit or hang.::SCOPE:Confidentiality:IMPACT:Read Application Data:NOTE:By causing the wrong code to be invoked, the attacker might be able to trigger a runtime error that leaks sensitive information in the error message, such as CWE-536.::",
      "Detection Methods": "::METHOD:Automated Static Analysis:DESCRIPTION:Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.):EFFECTIVENESS:High::",
      "Potential Mitigations": "::PHASE:Architecture and Design:DESCRIPTION:Refactor your code to avoid using reflection.::PHASE:Architecture and Design:DESCRIPTION:Do not use user-controlled inputs to select and load classes or code.::PHASE:Implementation:DESCRIPTION:Apply strict input validation by using allowlists or indirect selection to ensure that the user is only selecting allowable classes or code.::",
      "Observed Examples": "::REFERENCE:CVE-2004-2331:DESCRIPTION:Database system allows attackers to bypass sandbox restrictions by using the Reflection APi.:LINK:https://www.cve.org/CVERecord?id=CVE-2004-2331::",
      "Functional Areas": "",
      "Affected Resources": "",
      "Taxonomy Mappings": "::TAXONOMY NAME:7 Pernicious Kingdoms:ENTRY NAME:Unsafe Reflection::TAXONOMY NAME:The CERT Oracle Secure Coding Standard for Java (2011):ENTRY ID:SEC06-J:ENTRY NAME:Do not use reflection to increase accessibility of classes, methods, or fields::",
      "Related Attack Patterns": "::138::",
      "Notes": ""
    }
  },
  {
    "instruction": "List the detection techniques for CWE \"Path Traversal: '....//'\".",
    "context": "",
    "output": "Below are detection techniques applicable to CWE Path Traversal: '....//':\n(1) Method:Automated Static Analysis - Source Code.\nDescription: According to SOAR, the following detection techniques may be useful: Cost effective for partial coverage: Source code Weakness Analyzer Context-configured Source Code Weakness Analyzer.\nEffectiveness: None.\n(2) Method:Architecture or Design Review.\nDescription: According to SOAR, the following detection techniques may be useful: Highly cost effective: Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.) Formal Methods / Correct-By-Construction.\nEffectiveness: None.",
    "category": "CWE_Flan",
    "instruction_type": "cwe_detection_methods",
    "parsed_raw_data": {
      "CWE-ID": 34,
      "Name": "Path Traversal: '....//'",
      "Weakness Abstraction": "Variant",
      "Status": "Incomplete",
      "Description": "The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '....//' (doubled dot dot slash) sequences that can resolve to a location that is outside of that directory.",
      "Extended Description": "This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory. The '....//' manipulation is useful for bypassing some path traversal protection schemes. If ../ is filtered in a sequential fashion, as done by some regular expression engines, then ....// can collapse into the ../ unsafe value (CWE-182). It could also be useful when .. is removed, if the operating system treats // and / as equivalent.",
      "Related Weaknesses": "::NATURE:ChildOf:CWE ID:23:VIEW ID:1000:ORDINAL:Primary::",
      "Weakness Ordinalities": "",
      "Applicable Platforms": "::LANGUAGE CLASS:Not Language-Specific:LANGUAGE PREVALENCE:Undetermined::",
      "Background Details": "",
      "Alternate Terms": "",
      "Modes Of Introduction": "::PHASE:Implementation::",
      "Exploitation Factors": "",
      "Likelihood of Exploit": "",
      "Common Consequences": "::SCOPE:Confidentiality:SCOPE:Integrity:IMPACT:Read Files or Directories:IMPACT:Modify Files or Directories::",
      "Detection Methods": "::METHOD:Automated Static Analysis - Source Code:DESCRIPTION:According to SOAR, the following detection techniques may be useful: Cost effective for partial coverage: Source code Weakness Analyzer Context-configured Source Code Weakness Analyzer:EFFECTIVENESS:SOAR Partial::METHOD:Architecture or Design Review:DESCRIPTION:According to SOAR, the following detection techniques may be useful: Highly cost effective: Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.) Formal Methods / Correct-By-Construction:EFFECTIVENESS:High::",
      "Potential Mitigations": "::PHASE:Implementation:STRATEGY:Input Validation:DESCRIPTION:Assume all input is malicious. Use an accept known good input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, boat may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as red or blue. Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright. When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single . character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as / to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434. Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering / is insufficient protection if the filesystem also supports the use of as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if ../ sequences are removed from the .../...// string in a sequential fashion, two instances of ../ would be removed from the original string, but the remaining characters would still form the ../ string.:EFFECTIVENESS:High::PHASE:Implementation:STRATEGY:Input Validation:DESCRIPTION:Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.::",
      "Observed Examples": "::REFERENCE:CVE-2004-1670:DESCRIPTION:Mail server allows remote attackers to create arbitrary directories via a .. or rename arbitrary files via a ....// in user supplied parameters.:LINK:https://www.cve.org/CVERecord?id=CVE-2004-1670::",
      "Functional Areas": "",
      "Affected Resources": "",
      "Taxonomy Mappings": "::TAXONOMY NAME:PLOVER:ENTRY NAME:'....//' (doubled dot dot slash)::TAXONOMY NAME:Software Fault Patterns:ENTRY ID:SFP16:ENTRY NAME:Path Traversal::",
      "Related Attack Patterns": "",
      "Notes": "::TYPE:Relationship:NOTE:This could occur due to a cleansing error that removes a single ../ from ....//::"
    }
  },
  {
    "instruction": "Could you give guidance on detecting the CWE weakness labeled \"Use of sizeof() on a Pointer Type\"?",
    "context": "",
    "output": "Sure\u2014see below for guidance on detecting CWE Use of sizeof() on a Pointer Type:\n(1) Method:Automated Static Analysis.\nDescription: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.).\nEffectiveness: None.",
    "category": "CWE_Flan",
    "instruction_type": "cwe_detection_methods",
    "parsed_raw_data": {
      "CWE-ID": 467,
      "Name": "Use of sizeof() on a Pointer Type",
      "Weakness Abstraction": "Variant",
      "Status": "Draft",
      "Description": "The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine how much memory has been allocated.",
      "Extended Description": "The use of sizeof() on a pointer can sometimes generate useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer) indicates a bug.",
      "Related Weaknesses": "::NATURE:ChildOf:CWE ID:131:VIEW ID:1000:ORDINAL:Primary::",
      "Weakness Ordinalities": "::ORDINALITY:Primary::",
      "Applicable Platforms": "::LANGUAGE NAME:C:LANGUAGE PREVALENCE:Undetermined::LANGUAGE NAME:C++:LANGUAGE PREVALENCE:Undetermined::",
      "Background Details": "",
      "Alternate Terms": "",
      "Modes Of Introduction": "::PHASE:Implementation::",
      "Exploitation Factors": "",
      "Likelihood of Exploit": "",
      "Common Consequences": "::SCOPE:Integrity:SCOPE:Confidentiality:IMPACT:Modify Memory:IMPACT:Read Memory:NOTE:This error can often cause one to allocate a buffer that is much smaller than what is needed, leading to resultant weaknesses such as buffer overflows.::",
      "Detection Methods": "::METHOD:Automated Static Analysis:DESCRIPTION:Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.):EFFECTIVENESS:High::",
      "Potential Mitigations": "::PHASE:Implementation:DESCRIPTION:Use expressions such as sizeof(*pointer) instead of sizeof(pointer), unless you intend to run sizeof() on a pointer type to gain some platform independence or if you are allocating a variable on the stack.::",
      "Observed Examples": "",
      "Functional Areas": "",
      "Affected Resources": "",
      "Taxonomy Mappings": "::TAXONOMY NAME:CLASP:ENTRY NAME:Use of sizeof() on a pointer type::TAXONOMY NAME:CERT C Secure Coding:ENTRY ID:ARR01-C:ENTRY NAME:Do not apply the sizeof operator to a pointer when taking the size of an array::TAXONOMY NAME:CERT C Secure Coding:ENTRY ID:MEM35-C:ENTRY NAME:Allocate sufficient memory for an object:MAPPING FIT:CWE More Abstract::TAXONOMY NAME:Software Fault Patterns:ENTRY ID:SFP10:ENTRY NAME:Incorrect Buffer Length Computation::",
      "Related Attack Patterns": "",
      "Notes": ""
    }
  },
  {
    "instruction": "What options exist for detecting the CWE weakness \"Missing Initialization of a Variable\"?",
    "context": "",
    "output": "Here are available detection options for CWE Missing Initialization of a Variable:\n(1) Method:Automated Static Analysis.\nDescription: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.).\nEffectiveness: None.",
    "category": "CWE_Flan",
    "instruction_type": "cwe_detection_methods",
    "parsed_raw_data": {
      "CWE-ID": 456,
      "Name": "Missing Initialization of a Variable",
      "Weakness Abstraction": "Variant",
      "Status": "Draft",
      "Description": "The product does not initialize critical variables, which causes the execution environment to use unexpected values.",
      "Extended Description": "",
      "Related Weaknesses": "::NATURE:ChildOf:CWE ID:909:VIEW ID:1000:ORDINAL:Primary::NATURE:ChildOf:CWE ID:665:VIEW ID:1305:ORDINAL:Primary::NATURE:ChildOf:CWE ID:665:VIEW ID:1340:ORDINAL:Primary::NATURE:CanPrecede:CWE ID:89:VIEW ID:1000::NATURE:CanPrecede:CWE ID:120:VIEW ID:1000::NATURE:CanPrecede:CWE ID:98:VIEW ID:1000::NATURE:CanPrecede:CWE ID:457:VIEW ID:1000::",
      "Weakness Ordinalities": "",
      "Applicable Platforms": "::LANGUAGE CLASS:Not Language-Specific:LANGUAGE PREVALENCE:Undetermined::",
      "Background Details": "",
      "Alternate Terms": "",
      "Modes Of Introduction": "::PHASE:Implementation::",
      "Exploitation Factors": "",
      "Likelihood of Exploit": "",
      "Common Consequences": "::SCOPE:Integrity:SCOPE:Other:IMPACT:Unexpected State:IMPACT:Quality Degradation:IMPACT:Varies by Context:NOTE:The uninitialized data may be invalid, causing logic errors within the program. In some cases, this could result in a security problem.::",
      "Detection Methods": "::METHOD:Automated Static Analysis:DESCRIPTION:Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.):EFFECTIVENESS:High::",
      "Potential Mitigations": "::PHASE:Implementation:DESCRIPTION:Check that critical variables are initialized.::PHASE:Testing:DESCRIPTION:Use a static analysis tool to spot non-initialized variables.::",
      "Observed Examples": "::REFERENCE:CVE-2020-6078:DESCRIPTION:Chain: The return value of a function returning a pointer is not checked for success (CWE-252) resulting in the later use of an uninitialized variable (CWE-456) and a null pointer dereference (CWE-476):LINK:https://www.cve.org/CVERecord?id=CVE-2020-6078::REFERENCE:CVE-2009-2692:DESCRIPTION:Chain: Use of an unimplemented network socket operation pointing to an uninitialized handler function (CWE-456) causes a crash because of a null pointer dereference (CWE-476).:LINK:https://www.cve.org/CVERecord?id=CVE-2009-2692::REFERENCE:CVE-2020-20739:DESCRIPTION:A variable that has its value set in a conditional statement is sometimes used when the conditional fails, sometimes causing data leakage:LINK:https://www.cve.org/CVERecord?id=CVE-2020-20739::REFERENCE:CVE-2005-2978:DESCRIPTION:Product uses uninitialized variables for size and index, leading to resultant buffer overflow.:LINK:https://www.cve.org/CVERecord?id=CVE-2005-2978::REFERENCE:CVE-2005-2109:DESCRIPTION:Internal variable in PHP application is not initialized, allowing external modification.:LINK:https://www.cve.org/CVERecord?id=CVE-2005-2109::REFERENCE:CVE-2005-2193:DESCRIPTION:Array variable not initialized in PHP application, leading to resultant SQL injection.:LINK:https://www.cve.org/CVERecord?id=CVE-2005-2193::",
      "Functional Areas": "",
      "Affected Resources": "",
      "Taxonomy Mappings": "::TAXONOMY NAME:PLOVER:ENTRY NAME:Missing Initialization::TAXONOMY NAME:Software Fault Patterns:ENTRY ID:SFP1:ENTRY NAME:Glitch in computation::TAXONOMY NAME:CERT C Secure Coding:ENTRY ID:ERR30-C:ENTRY NAME:Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure:MAPPING FIT:CWE More Abstract::TAXONOMY NAME:SEI CERT Perl Coding Standard:ENTRY ID:DCL04-PL:ENTRY NAME:Always initialize local variables:MAPPING FIT:Exact::TAXONOMY NAME:SEI CERT Perl Coding Standard:ENTRY ID:DCL33-PL:ENTRY NAME:Declare identifiers before using them:MAPPING FIT:Imprecise::TAXONOMY NAME:OMG ASCSM:ENTRY ID:ASCSM-CWE-456::TAXONOMY NAME:OMG ASCRM:ENTRY ID:ASCRM-CWE-456::",
      "Related Attack Patterns": "",
      "Notes": "::TYPE:Relationship:NOTE:This weakness is a major factor in a number of resultant weaknesses, especially in web applications that allow global variable initialization (such as PHP) with libraries that can be directly requested.::TYPE:Research Gap:NOTE:It is highly likely that a large number of resultant weaknesses have missing initialization as a primary factor, but researcher reports generally do not provide this level of detail.::"
    }
  },
  {
    "instruction": "How can the CWE weakness \"Return Inside Finally Block\" be detected?",
    "context": "",
    "output": "Here are methods to detect CWE Return Inside Finally Block:\n(1) Method:Automated Static Analysis.\nDescription: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.).\nEffectiveness: None.",
    "category": "CWE_Flan",
    "instruction_type": "cwe_detection_methods",
    "parsed_raw_data": {
      "CWE-ID": 584,
      "Name": "Return Inside Finally Block",
      "Weakness Abstraction": "Base",
      "Status": "Draft",
      "Description": "The code has a return statement inside a finally block, which will cause any thrown exception in the try block to be discarded.",
      "Extended Description": "",
      "Related Weaknesses": "::NATURE:ChildOf:CWE ID:705:VIEW ID:1000:ORDINAL:Primary::",
      "Weakness Ordinalities": "",
      "Applicable Platforms": "",
      "Background Details": "",
      "Alternate Terms": "",
      "Modes Of Introduction": "::PHASE:Implementation::",
      "Exploitation Factors": "",
      "Likelihood of Exploit": "",
      "Common Consequences": "::SCOPE:Other:IMPACT:Alter Execution Logic::",
      "Detection Methods": "::METHOD:Automated Static Analysis:DESCRIPTION:Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect sources (origins of input) with sinks (destinations where the data interacts with external components, a lower layer such as the OS, etc.):EFFECTIVENESS:High::",
      "Potential Mitigations": "::PHASE:Implementation:DESCRIPTION:Do not use a return statement inside the finally block. The finally block should have cleanup code.::",
      "Observed Examples": "",
      "Functional Areas": "",
      "Affected Resources": "",
      "Taxonomy Mappings": "::TAXONOMY NAME:The CERT Oracle Secure Coding Standard for Java (2011):ENTRY ID:ERR04-J:ENTRY NAME:Do not complete abruptly from a finally block::TAXONOMY NAME:The CERT Oracle Secure Coding Standard for Java (2011):ENTRY ID:ERR05-J:ENTRY NAME:Do not let checked exceptions escape from a finally block::TAXONOMY NAME:Software Fault Patterns:ENTRY ID:SFP6:ENTRY NAME:Incorrect Exception Behavior::",
      "Related Attack Patterns": "",
      "Notes": ""
    }
  }
]