CS.SV.TAINTED.CALL.GLOBAL

Use of Unvalidated Integer in an Assignment Operation

This checker reports a defect whenever tainted data is used to assign a globally visible data field via a function call.

Vulnerability and risk

Global variables, such as C# public static class fields, are visible throughout the program. It is difficult for a programmer or an analysis tool to track every place where such a variable is assigned or read. When integer input is stored in a global variable without being validated first, every reader of that variable becomes a potential consumer of attacker-controlled data, and its effect on program control flow is hard to reason about. That is the security risk this checker targets.

Vulnerable code example 1

1   using System;
2   using System.IO;
3   namespace TaintedGlobal
4   {
5     class TestTaintedGlobal
6     {
7       const string fileName = "File.dat";
8       public static int gVar = 0;
9   
10      public static void TaintedGlobalExample()
11      {
12        int t = getTaintedData(); // tainted: read directly from a file
13        bar(t); // CS.SV.TAINTED.CALL.GLOBAL
14      }
15  
16      public static int getTaintedData()
17      {
18        try
19        {
20          using (BinaryReader br = new BinaryReader(File.Open(fileName, FileMode.Open)))
21          {
22            return br.ReadInt32();
23          }
24        }
25        catch (Exception e)
26        {
27          Console.WriteLine(e);
28        }
29        return 0; // every code path must return a value
30      }
31  
32      public static void bar(int value)
33      {
34        gVar = value; // global assigned from the unvalidated argument
35      }
36    }
37  }

In the above example, an attacker who controls the contents of File.dat can place an arbitrary value in the global variable 'gVar'. That value may later be used elsewhere, in code the programmer does not control or is not even aware of, which introduces a potential security vulnerability involving that variable.

Klocwork reports a CS.SV.TAINTED.CALL.GLOBAL defect at line 13, indicating that "Unvalidated integer value 't' that is received from 'getTaintedData' at line 12 is used to assign a global variable via a call 'bar()' at line 13."

Fixed code example 1

using System;
using System.IO;

namespace TaintedGlobal
{
  class TestTaintedGlobal
  {
    const string fileName = "File.dat";
    const int maxBuf = 10;
    public static int gVar = 0;

    public static void TaintedGlobalExample()
    {
      int t = getTaintedData();
      if (t < maxBuf) // validated before the call that assigns the global
      {
        bar(t);
      }
    }

    public static int getTaintedData()
    {
      try
      {
        using (BinaryReader br = new BinaryReader(File.Open(fileName, FileMode.Open)))
        {
          return br.ReadInt32();
        }
      }
      catch (Exception e)
      {
        Console.WriteLine(e);
      }
      return 0; // every code path must return a value
    }

    public static void bar(int value)
    {
      gVar = value;
    }
  }
}

Klocwork no longer reports a defect since the integer value 't' is validated before it is passed to bar(). Note that this check only bounds 't' from above: a negative value read from the file still reaches 'gVar'. In practice, validate against both ends of the expected range and reject anything outside it.
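A stricter variant of the fix, added here as an illustration and not part of the Klocwork documentation or its sample code: the global is made a private field behind a setter that enforces both bounds, so no call path can forward an unvalidated integer into it, and the caller also checks the range explicitly. The names Settings, BufSize, MinBuf, IsValidBuf and TryGetTaintedData, the lower bound of 0, and the sample values written to File.dat are assumptions made for this example.

```csharp
using System;
using System.IO;

namespace TaintedGlobal
{
    // Hypothetical holder for the global. The field is private; the only way
    // to assign it is through a setter that enforces both bounds, so no caller
    // can forward an unvalidated integer into it.
    static class Settings
    {
        public const int MinBuf = 0;   // assumed lower bound
        public const int MaxBuf = 10;  // same upper bound as the page's maxBuf

        private static int bufSize = MinBuf;

        public static bool IsValidBuf(int value)
        {
            return value >= MinBuf && value <= MaxBuf;
        }

        public static int BufSize
        {
            get { return bufSize; }
            set
            {
                if (!IsValidBuf(value))
                {
                    throw new ArgumentOutOfRangeException(nameof(value), value,
                        "value must be within [" + MinBuf + ", " + MaxBuf + "]");
                }
                bufSize = value;
            }
        }
    }

    class TestTaintedGlobal
    {
        const string fileName = "File.dat";

        // Reports failure explicitly instead of returning a sentinel, so a
        // failed read is never mistaken for a legitimate value from the file.
        public static bool TryGetTaintedData(out int value)
        {
            value = 0;
            try
            {
                using (BinaryReader br = new BinaryReader(File.Open(fileName, FileMode.Open)))
                {
                    value = br.ReadInt32();
                    return true;
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
                return false;
            }
        }

        public static void TaintedGlobalExample()
        {
            if (!TryGetTaintedData(out int t))
            {
                return;
            }

            // Reject anything outside the expected range, negatives included,
            // before the value gets anywhere near the global.
            if (!Settings.IsValidBuf(t))
            {
                Console.WriteLine("rejected out-of-range value " + t);
                return;
            }
            Settings.BufSize = t;
            Console.WriteLine("BufSize = " + Settings.BufSize);
        }

        static void Main()
        {
            // Constructed input: a negative value, an oversized value, then a
            // valid one. Only the last is accepted into Settings.BufSize.
            foreach (int sample in new[] { -1, 1 << 20, 5 })
            {
                File.WriteAllBytes(fileName, BitConverter.GetBytes(sample));
                TaintedGlobalExample();
            }
        }
    }
}
```

Putting the range check in the setter means a static checker sees every assignment of the global pass through validation, regardless of how many call paths lead to it; the explicit check at the call site keeps the rejection visible and avoids relying on the exception for control flow.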