CS.SV.TAINTED.CALL.GLOBAL
Use of Unvalidated Integer in an Assignment Operation
This checker reports a defect whenever tainted data is used to assign a globally visible data field via a function call.
Vulnerability and risk
Global variables, such as C# public static class fields, are visible throughout the entire program. Neither a programmer nor an analysis tool can easily account for every place such a variable is assigned or read, so its effect on control flow and on other computations is hard to reason about. When integer input is not validated before it is assigned to a global variable, the unchecked value can reach any code that later reads that global, which introduces a security risk.
Vulnerable code example 1
 1 using System;
 2 using System.IO;
 3 namespace TaintedGlobal
 4 {
 5     class TestTaintedGlobal
 6     {
 7         const string fileName = "File.dat";
 8         public static int gVar = 0;
 9 
10         public static void TaintedGlobalExample()
11         {
12             int t = getTaintedData();
13             bar(t); // CS.SV.TAINTED.CALL.GLOBAL
14         }
15 
16         public static int getTaintedData()
17         {
18             try
19             {
20                 using (BinaryReader br = new BinaryReader(File.Open(fileName, FileMode.Open)))
21                 {
22                     return br.ReadInt32();
23                 }
24             }
25             catch (Exception e)
26             {
27                 Console.WriteLine(e);
28             }
29             return 0; // fallback so that every path returns a value
30         }
31 
32         public static void bar(int value)
33         {
34             gVar = value;
35         }
36     }
37 }
In the example above, an attacker who controls the contents of File.dat chooses the value stored in the global variable 'gVar'. That value may later be read anywhere in the program, including code that the author of this method does not control or is not even aware of, so every use of 'gVar' that assumes a sane value becomes a potential vulnerability.
Klocwork reports a CS.SV.TAINTED.CALL.GLOBAL defect at line 13, the marked call to 'bar(t)', indicating that “Unvalidated integer value 't' that is received from 'getTaintedData' at line 12 is used to assign a global variable via a call 'bar()' at line 13.”
Fixed code example 1
 1 using System;
 2 using System.IO;
 3 
 4 namespace TaintedGlobal
 5 {
 6     class TestTaintedGlobal
 7     {
 8         const string fileName = "File.dat";
 9         const int maxBuf = 10;
10         public static int gVar = 0;
11 
12         public static void TaintedGlobalExample()
13         {
14             int t = getTaintedData();
15             if (t < maxBuf)
16             {
17                 bar(t);
18             }
19         }
20 
21         public static int getTaintedData()
22         {
23             try
24             {
25                 using (BinaryReader br = new BinaryReader(File.Open(fileName, FileMode.Open)))
26                 {
27                     return br.ReadInt32();
28                 }
29             }
30             catch (Exception e)
31             {
32                 Console.WriteLine(e);
33             }
34             return 0; // fallback so that every path returns a value
35         }
36 
37         public static void bar(int value)
38         {
39             gVar = value;
40         }
41     }
42 }
Klocwork no longer reports a defect, because the integer value 't' is validated at line 15 before it reaches 'bar()'. Note that this check bounds 't' only from above: a negative value read from the file still satisfies 't < maxBuf', so if 'gVar' must be non-negative, the condition also needs a lower bound.
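To make the risk concrete, the following is an added example that is not part of the Klocwork documentation or of the checker's own listings. It assumes a hypothetical RecordStore class that uses the global 'gVar' as an array length (a use site far from the assignment), feeds GetTaintedData constructed in-memory bytes in place of File.dat, and contrasts the upper-bound-only check from the fixed example with a TrySetRecordCount helper that validates both bounds before the global is assigned.

```csharp
using System;
using System.IO;

namespace TaintedGlobalDemo
{
    // Hypothetical consumer of the global, placed in a different class to mimic
    // a use site that the author of the assignment may not be aware of.
    static class RecordStore
    {
        public static int[] Allocate()
        {
            // A negative length throws OverflowException and a huge one may throw
            // OutOfMemoryException; both surface here, far from the file read.
            return new int[Settings.gVar];
        }
    }

    static class Settings
    {
        public static int gVar = 0;

        const int MinRecords = 0;
        const int MaxRecords = 1024;

        // The check from the fixed example: an upper bound only. -1 satisfies it.
        public static bool UpperBoundOnly(int value) => value < MaxRecords;

        // Hardened form: both bounds are checked before the global is assigned.
        public static bool TrySetRecordCount(int value)
        {
            if (value < MinRecords || value > MaxRecords)
            {
                return false;
            }
            gVar = value;
            return true;
        }

        // Same read as the page's getTaintedData, but from a caller-supplied stream
        // so the untrusted bytes can be constructed in memory for the demonstration.
        public static int GetTaintedData(Stream input)
        {
            using (var br = new BinaryReader(input))
            {
                return br.ReadInt32();
            }
        }
    }

    static class Program
    {
        static void Main()
        {
            // Constructed sample inputs (little-endian Int32, as BinaryReader expects):
            // 0xFFFFFFFF = -1, 0x7FFFFFFF = int.MaxValue, 0x00000010 = 16.
            byte[][] samples =
            {
                new byte[] { 0xFF, 0xFF, 0xFF, 0xFF },
                new byte[] { 0xFF, 0xFF, 0xFF, 0x7F },
                new byte[] { 0x10, 0x00, 0x00, 0x00 }, // a legitimate count
            };

            foreach (byte[] sample in samples)
            {
                int t = Settings.GetTaintedData(new MemoryStream(sample));
                Console.WriteLine($"read {t}: upper-bound-only check passes = {Settings.UpperBoundOnly(t)}");

                if (!Settings.TrySetRecordCount(t))
                {
                    Console.WriteLine($"  rejected {t}: outside [0, 1024]");
                    continue;
                }
                int[] records = RecordStore.Allocate();
                Console.WriteLine($"  allocated {records.Length} records");
            }
        }
    }
}
```

Run it with `dotnet run` in a console project. The -1 sample passes the upper-bound-only check but is rejected by TrySetRecordCount; int.MaxValue is rejected by both; only 16 reaches RecordStore.Allocate. Keeping the assignment behind a single validating helper also gives the analyzer one sanitizer to recognize, instead of a check scattered across every call site of 'bar()'.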