External Control Of Configuration Setting
ID | java.external_control_of_configuration_setting
Severity | high
Resource | Injection
Language | Java
Tags | CWE:15, NIST.SP.800-53, PCI-DSS:6.5.6
Rationale
External Control of Configuration Setting issues arise when an application’s configuration can be influenced by untrusted external sources.
In Java, such a situation may occur when configuration settings are modified through external inputs. If an attacker can manipulate these settings, they might gain unauthorized control over various aspects of the application’s behavior.
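
    import javax.servlet.http.HttpServletRequest;
    import java.sql.Connection;
    import java.sql.SQLException;

    public class DummyController {
        // getConnection() is assumed to return the application's JDBC connection.
        public void handleRequest(HttpServletRequest request) throws SQLException {
            Connection conn = getConnection();
            // Vulnerable: the active catalog is set directly from a request parameter.
            conn.setCatalog(request.getParameter("input"));
        }
    }
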
Remediation
To remediate this vulnerability, it is essential to ensure that external inputs used for configurations are properly validated and controlled. Here are a few practical steps in Java:
- Validate Inputs: Always validate and sanitize input from web requests to ensure they conform to expected formats and ranges.
- Environment Segregation: Use separate environments for development, testing, and production. Limit the influence of web requests on critical configuration settings in production environments.
- Secure Access Permissions: Ensure that sensitive configuration settings are not exposed to direct web requests.
- Use Secure Configuration Methods: Instead of relying on web inputs for configuration, utilize secure methods like environment variables or Java’s secure vault mechanisms (e.g., JCA/JCE for encryption).
- Monitor and Audit: Implement logging and monitoring to detect any unauthorized changes to configuration settings and regularly audit these settings for compliance.
By controlling how configuration settings are sourced and managed, the vulnerabilities associated with this CWE can be significantly reduced, thus preventing service disruption or malicious application behavior.
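
The input validation and monitoring steps applied to the `setCatalog` call from the Rationale, as an added example that is not part of the rule's own documentation: the request value is used only as a key into a server-side allowlist, and rejected values are logged. The class name, allowlist keys and catalog names are hypothetical.

```java
import java.sql.Connection;
import java.sql.SQLException;
import java.util.Map;
import java.util.Optional;
import java.util.logging.Logger;

public class CatalogSelector {
    private static final Logger LOG = Logger.getLogger(CatalogSelector.class.getName());

    // Hypothetical allowlist: key accepted from the request -> catalog name the server controls.
    private static final Map<String, String> ALLOWED_CATALOGS = Map.of(
            "sales", "sales_db",
            "reports", "reports_db");

    /** Returns the server-side catalog for a request value, or empty if it is not allowlisted. */
    static Optional<String> resolveCatalog(String requested) {
        if (requested == null) {
            return Optional.empty(); // immutable maps throw on a null key, so handle it first
        }
        return Optional.ofNullable(ALLOWED_CATALOGS.get(requested)); // exact match only
    }

    /** Switches the catalog only when the request value maps to an allowlisted entry. */
    static void applyCatalog(Connection conn, String requested) throws SQLException {
        Optional<String> catalog = resolveCatalog(requested);
        if (catalog.isEmpty()) {
            // Audit trail for rejected attempts; the raw value is left out to avoid log injection.
            LOG.warning("Rejected catalog selection: request value not in allowlist");
            throw new IllegalArgumentException("Unknown catalog");
        }
        conn.setCatalog(catalog.get()); // value comes from the allowlist, never from the request
    }

    public static void main(String[] args) {
        // Constructed sample inputs standing in for request.getParameter("input").
        String[] samples = {"sales", "reports", "information_schema", "sales_db", "", null};
        for (String input : samples) {
            System.out.println(input + " -> " + resolveCatalog(input).orElse("(rejected)"));
        }
    }
}
```

In a servlet handler, `applyCatalog(conn, request.getParameter("input"))` replaces the direct `setCatalog` call, and the `IllegalArgumentException` is mapped to a 400 response.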