Mixing trusted and untrusted data in the same data structure encourages programmers to mistakenly trust unvalidated data.
A trust boundary can be thought of as a line drawn through a program. On one side of the line, data is untrusted. On the other side of the line, data is assumed to be trustworthy. The purpose of validation logic is to allow data to safely cross the trust boundary, moving from the untrusted side to the trusted side.
A Trust Boundary Violation occurs when a program blurs the line between what is trusted and what is untrusted. The most common way this error is introduced is by allowing trusted and untrusted data to be mixed together in the same data structure.
Example: The following code accepts an HTTP request and stores the usrname parameter in the HTTP session object before checking to ensure that the user has been authenticated.
```vb
...
Dim Response As Response
Dim Request As Request
Dim Session As Session
Dim Application As Application
Dim Server As Server
Dim usrname As Variant
Set Response = objContext("Response")
Set Request = objContext("Request")
Set Session = objContext("Session")
Set Application = objContext("Application")
' The untrusted form value is written into the session, which the rest of
' the application treats as trusted, without any validation.
usrname = Request.Form("usrname")
If IsNull(Session("ATTR_USR")) Then
    Session("ATTR_USR") = usrname
End If
...
```
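As an added illustration of the same trust boundary (not code from the page or from the Fortify documentation), the following Python mirrors the snippet above with an in-memory form and session: the unsafe variant copies the raw form value into the session exactly as the VB code does, while the hardened variant only lets a value into the session after it has passed validation. The username pattern and the `ATTR_USR` key handling are assumptions made for the example.

```python
import re

# Assumed policy for this example: a username is 1-32 characters drawn from a
# conservative allowlist. Anything else must not cross the trust boundary.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


class TrustBoundaryError(ValueError):
    """Raised when untrusted data fails validation at the trust boundary."""


def is_valid_username(raw):
    """Return True only if the untrusted value satisfies the allowlist policy."""
    return isinstance(raw, str) and USERNAME_RE.fullmatch(raw) is not None


def validate_username(raw):
    """Validation logic that lets data cross from untrusted (form) to trusted (session)."""
    if not is_valid_username(raw):
        raise TrustBoundaryError("usrname failed validation; refusing to store it")
    return raw


def store_user_in_session_unsafe(form, session, key="ATTR_USR"):
    """Equivalent of the page's VB snippet: the raw form value goes straight into the
    session, so trusted and untrusted data now share one structure."""
    if session.get(key) is None:
        session[key] = form.get("usrname")  # unvalidated: the trust boundary violation
        return True
    return False


def store_user_in_session(form, session, key="ATTR_USR"):
    """Hardened form: only validated data is ever written into the session.
    Returns True if the session was updated, False if the key was already set."""
    if session.get(key) is not None:
        return False
    session[key] = validate_username(form.get("usrname"))  # crosses the boundary
    return True


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    good, bad = {}, {}
    print(store_user_in_session({"usrname": "alice_01"}, good), good)
    try:
        store_user_in_session({"usrname": "not a valid!! user"}, bad)
    except TrustBoundaryError as exc:
        print("rejected:", exc, bad)
```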