Missing Resource Integrity Check

ID

python.missing_resource_integrity_check

Severity

high

Resource

Misconfiguration

Language

Python

Tags

CWE:494, NIST.SP.800-53, OWASP:2021:A2, PCI-DSS:6.5.6

Description

This detector focuses on ensuring that resources downloaded from external sources are verified for integrity to prevent malicious code execution.

Rationale

When applications download external resources without integrity checks, they are vulnerable to compromised files being executed. This can lead to unauthorized actions and data breaches. Implementing resource integrity controls ensures that the resource has not been altered from its intended form.

When using PyTorch to download remote files, it’s crucial to verify their integrity using hash checks. This ensures that downloaded files are genuine and have not been tampered with, which protects the application from executing malicious code.

import torch

state_dict = torch.hub.load_state_dict_from_url('https://dummy.com/model.pth') # FLAW

model = torch.utils.model_zoo.load_url('https://dummy.com/model.pth') # FLAW

torch.hub.download_url_to_file('https://dummy.com/model.pth', 'model.pth') # FLAW

Remediation

To remediate this issue, always check the integrity of the resource. Obtain a cryptographic hash of the file at the point of trust (i.e., directly from the source you trust) and check it after the download.

For the PyTorch particular case, use the hash_prefix or check_hash arguments, ensuring that the integrity of downloaded files is verified against known hash values. This reduces the risk of executing malicious files.

import torch

state_dict = torch.hub.load_state_dict_from_url('https://dummy.com/model.pth', check_hash=True)

model = torch.utils.model_zoo.load_url('https://dummy.com/model.pth', check_hash=True)

torch.hub.download_url_to_file('https://dummy.com/model.pth', 'model.pth', hash_prefix='1234567890abcdef')

By implementing these changes, you ensure the files are checked against expected hash values, providing robust integrity assurance.

References

  • CWE-494 : Download of Code Without Integrity Check.