CWE-346: Origin Validation Error

Description

The product does not properly verify that the source of data or communication is valid.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Example Vulnerable Codes

Example - 1

This Android application will remove a user account when it receives an intent to do so:




int userID = intent.getIntExtra("userID");destroyUserData(userID);@Overridepublic void onReceive(Context context, Intent intent) {}IntentFilter filter = new IntentFilter("com.example.RemoveUser");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class DeleteReceiver extends BroadcastReceiver {}

This application does not check the origin of the intent, thus allowing any malicious application to remove a user. Always check the origin of an intent, or create an allowlist of trusted applications using the manifest.xml file.

Example - 2

These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:

// // Android// 

writeDataToView(view, UserData);return false;
return true;if(url.substring(14,25).equalsIgnoreCase("getUserInfo")){}else{}if (url.substring(0,14).equalsIgnoreCase("examplescheme:")){}@Overridepublic boolean shouldOverrideUrlLoading(WebView view, String url){}
// // iOS// 



// // Make data available back in webview.// 
UIWebView *webView = [self writeDataToView:[URL query]];
NSString *functionString = [URL resourceSpecifier];if ([functionString hasPrefix:@"specialFunction"]){}return NO;
NSURL *URL = [exRequest URL];if ([[URL scheme] isEqualToString:@"exampleScheme"]){}return YES;-(BOOL) webView:(UIWebView *)exWebView shouldStartLoadWithRequest:(NSURLRequest *)exRequest navigationType:(UIWebViewNavigationType)exNavigationType{}

A call into native code can then be initiated by passing parameters within the URL:

window.location = examplescheme://method?parameter=value

Because the application does not check the source, a malicious website loaded within this WebView has the same access to the API as a trusted site.

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Dec. 18, 2024 17:44