diff options
Diffstat (limited to 'doc/user/application_security/dast/checks')
-rw-r--r-- | doc/user/application_security/dast/checks/611.1.md | 31 | ||||
-rw-r--r-- | doc/user/application_security/dast/checks/94.4.md | 49 | ||||
-rw-r--r-- | doc/user/application_security/dast/checks/index.md | 2 |
3 files changed, 82 insertions, 0 deletions
diff --git a/doc/user/application_security/dast/checks/611.1.md b/doc/user/application_security/dast/checks/611.1.md new file mode 100644 index 00000000000..49ef449f8b0 --- /dev/null +++ b/doc/user/application_security/dast/checks/611.1.md @@ -0,0 +1,31 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# External XML Entity Injection (XXE) + +## Description + +It is possible to cause the application's XML parser to include external resources. +This can include files or in some circumstances initiate requests to third party +servers. + +## Remediation + +Consult the documentation for the XML Parser used by the target application for security +guidelines and hardening steps. It is recommended that all XML parsers disable external +entity resolution and XML `xinclude` features. Most XML parsers based on `libxml` can also be +configured to disable network access. + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 611.1 | false | 611 | Active | high | + +## Links + +- [OWASP](https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing) +- [CWE](https://cwe.mitre.org/data/definitions/611.html) diff --git a/doc/user/application_security/dast/checks/94.4.md b/doc/user/application_security/dast/checks/94.4.md new file mode 100644 index 00000000000..9dddada84f9 --- /dev/null +++ b/doc/user/application_security/dast/checks/94.4.md @@ -0,0 +1,49 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# Server-side code injection (NodeJS) + +## Description + +The target application was found vulnerable to code injection. A malicious actor could inject arbitrary +JavaScript code to be executed on the server. This could lead to a full system compromise by accessing +stored secrets, injecting code to take over accounts, or executing OS commands. + +## Remediation + +Never pass user input directly into functions which evaluate string data as code, such as `eval`, `setTimeout` +or `setInterval`. There is almost no benefit of passing string values to these methods, as such the best +recommendation is to replace the current logic with more safe implementations of dynamically evaluating +logic with user input. One alternative is to store functions or methods in a Map that can be looked +up using a key. If the key exists, the function can be executed. + +```javascript +const function_map = new Map(); + +function_map.set('fn', function() { + console.log('hello world'); +}) + +const input = 'fn2'; + +const fn = function_map.get(input) + +if (fn) { + fn(); +} else { + console.log('invalid input'); +} +``` + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 94.4 | false | 94 | Active | high | + +## Links + +- [CWE](https://cwe.mitre.org/data/definitions/94.html) diff --git a/doc/user/application_security/dast/checks/index.md b/doc/user/application_security/dast/checks/index.md index 035f4a4b486..4d41f08672e 100644 --- a/doc/user/application_security/dast/checks/index.md +++ b/doc/user/application_security/dast/checks/index.md @@ -169,3 +169,5 @@ The [DAST browser-based crawler](../browser_based.md) provides a number of vulne |:---|:------|:---------|:-----| | [113.1](113.1.md) | Improper Neutralization of CRLF Sequences in HTTP Headers | High | Active | | [22.1](22.1.md) | Improper limitation of a pathname to a restricted directory (Path traversal) | High | Active | +| [611.1](611.1.md) | External XML Entity Injection (XXE) | High | Active | +| [94.4](94.4.md) | Server-side code injection (NodeJS) | High | Active | |