Défauts de sécurité
Ces défauts mettent en évidence les emplacements de votre code qui sont vulnérables au piratage ou à d'autres attaques de sécurité. Bon nombre de ces défauts ne provoquent pas d'erreurs run-time, mais mettent en évidence des zones à risque dans votre code. Ces défauts incluent :
Gestion des données sensibles
Utilisation de fonctions dangereuses ou obsolètes
Génération de nombres aléatoires
Chemins et commandes contrôlés de l'extérieur
Résultats Polyspace
File access between time of check and use (TOCTOU) | File or folder might change state due to access race |
File descriptor exposure to child process | Copied file descriptor used in multiple processes |
File manipulation after chroot without chdir | Path-related vulnerabilities for file manipulated after
call to chroot |
Inappropriate I/O operation on device files | Operation can result in security vulnerabilities or a system failure |
Unsafe call to a system function | Unsanitized command argument has exploitable vulnerabilities |
Use of non-secure temporary file | Temporary generated file name not secure |
Vulnerable path manipulation | Path argument with /../, /abs/path/,
or other unsecure elements |
Bad order of dropping privileges | Dropped higher elevated privileges before dropping lower elevated privileges |
Privilege drop not verified | Attacker can gain unintended elevated access to program |
Umask used with chmod-style arguments | Argument to umask allows external user
too much control |
Vulnerable permission assignments | Argument gives read/write/search permissions to external users |
Unsafe standard encryption function | Function is not reentrant or uses a risky encryption algorithm |
Unsafe standard function | Function unsafe for security-related purposes |
Use of dangerous standard function | Dangerous functions cause possible buffer overflow in destination buffer |
Use of obsolete standard function | Obsolete routines can cause security vulnerabilities and portability issues |
LDAP injection | Data read from an untrusted source is used in the construction of an LDAP query (depuis R2023a) |
SQL injection | Data read from an untrusted source is used in the construction of an SQL query (depuis R2023a) |
Deterministic random output from constant seed | Seeding routine uses a constant seed making the output deterministic |
Predictable random output from predictable seed | Seeding routine uses a predictable seed making the output predictable |
Vulnerable pseudo-random number generator | Using a cryptographically weak pseudo-random number generator |
Critical data
member is not private | A critical data member is declared public (depuis R2022a) |
Errno not checked | errno is not checked for error conditions
following function call |
Execution of a binary from a relative path can
be controlled by an external actor | Command with relative path is vulnerable to malicious attack |
Function pointer assigned with absolute
address | Constant expression is used as function address is vulnerable to code injection |
Hard-coded
sensitive data | Sensitive data is exposed in code, for instance as string literals |
Incorrect order of network connection
operations | Socket is not correctly established due to bad order of connection steps or missing steps |
Information leak
via structure padding | Padding bytes can contain sensitive information |
Load of library from a relative path can be
controlled by an external actor | Library loaded with relative path is vulnerable to malicious attacks |
Mismatch between data length and
size | Data size argument is not computed from actual data length |
Missing case for switch
condition | switch variable not covered by cases and default case is
missing |
Misuse of readlink() | Third argument of readlink does not
leave space for null terminator in buffer |
Plain text
password stored in file system | Password stored in files in plain text format (depuis R2023b) |
Resource
injection | Data input is not properly restricted before being used as a resource identifier (depuis R2024a) |
Returned value of a sensitive function not
checked | Sensitive functions called without checking for unexpected return values and errors |
Sensitive data printed out | Function prints sensitive data |
Sensitive heap memory not cleared before
release | Sensitive data not cleared or released by memory routine |
Uncertain memory
cleaning | The code clears information that might be sensitive from memory but compiler optimization might leave the information untouched (depuis R2022a) |
Uncleared sensitive data in
stack | Variable in stack is not cleared and contains sensitive data |
Rubriques
- Bug Finder Defect Groups
The Bug Finder defect checkers are classified into groups such as data flow, concurrency, numerical, and so on.
MATLAB Command
You clicked a link that corresponds to this MATLAB command:
Run the command by entering it in the MATLAB Command Window. Web browsers do not support MATLAB commands.
Sélectionner un site web
Choisissez un site web pour accéder au contenu traduit dans votre langue (lorsqu'il est disponible) et voir les événements et les offres locales. D’après votre position, nous vous recommandons de sélectionner la région suivante : .
Vous pouvez également sélectionner un site web dans la liste suivante :
Comment optimiser les performances du site
Pour optimiser les performances du site, sélectionnez la région Chine (en chinois ou en anglais). Les sites de MathWorks pour les autres pays ne sont pas optimisés pour les visites provenant de votre région.
Amériques
- América Latina (Español)
- Canada (English)
- United States (English)
Europe
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)