Variable Extraction Error
Weakness ID: 621 (Weakness Base) | Status: Incomplete
Description Summary
Extended Description
For example, in PHP, calling extract() or import_request_variables() without the proper arguments could allow arbitrary global variables to be overwritten, including superglobals. Similar functionality might be possible in other interpreted languages, including custom languages.
Observed Examples
Reference | Description
---|---
CVE-2006-7135 | extract() issue enables file inclusion
CVE-2006-7079 | extract() used for register_globals compatibility layer, enables path traversal
CVE-2007-0649 | extract() buried in include files makes post-disclosure analysis confusing; original report had seemed incorrect.
CVE-2006-6661 | extract() enables static code injection
CVE-2006-2828 | import_request_variables() buried in include files makes post-disclosure analysis confusing
Potential Mitigations
Use whitelists of variable names that can be extracted.
Consider refactoring your code to avoid extraction routines altogether.
In PHP, call extract() with options such as EXTR_SKIP and EXTR_PREFIX_ALL; call import_request_variables() with a prefix argument. Note that these capabilities are not present in all PHP versions.
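The overwrite described in the Extended Description and the three mitigations listed above, as an added PHP example that is not part of the CWE entry: `$request` is a constructed array standing in for `$_GET`/`$_POST`, and the function and variable names (`vulnerable`, `whitelisted`, `skipExisting`, `prefixed`, `$is_admin`, `$template_dir`) are assumptions chosen to show a collision. import_request_variables() is left out because it was removed in PHP 5.4; extract() is still present, so the flag-based mitigations apply to current PHP.

```php
<?php
// Added example, not part of CWE-621. $request is a constructed array that
// stands in for $_GET/$_POST; the keys 'is_admin' and 'template_dir' are
// chosen to collide with variables the application has already set.

$request = [
    'page'         => 'home',          // the only key the application expects
    'is_admin'     => '1',             // collides with an authorization flag
    'template_dir' => '../../../etc',  // collides with an include path
];

// Vulnerable: the default flag is EXTR_OVERWRITE, so every request key becomes
// a local variable and replaces any existing variable of the same name.
function vulnerable(array $request): array
{
    $is_admin     = false;
    $template_dir = '/var/www/templates';
    extract($request);
    return ['is_admin' => $is_admin, 'template_dir' => $template_dir];
}

// Mitigation 1: whitelist of variable names that may be extracted.
function whitelisted(array $request): array
{
    $is_admin     = false;
    $template_dir = '/var/www/templates';
    $allowed = ['page'];
    extract(array_intersect_key($request, array_flip($allowed)));
    return ['is_admin' => $is_admin, 'template_dir' => $template_dir];
}

// Mitigation 2: EXTR_SKIP leaves variables that already exist untouched.
function skipExisting(array $request): array
{
    $is_admin     = false;
    $template_dir = '/var/www/templates';
    extract($request, EXTR_SKIP);
    return ['is_admin' => $is_admin, 'template_dir' => $template_dir];
}

// Mitigation 3: EXTR_PREFIX_ALL places every extracted key under a prefix
// ($req_page, $req_is_admin, $req_template_dir), so no key can collide with
// application state regardless of what the client sends.
function prefixed(array $request): array
{
    $is_admin     = false;
    $template_dir = '/var/www/templates';
    extract($request, EXTR_PREFIX_ALL, 'req');
    return ['is_admin' => $is_admin, 'template_dir' => $template_dir];
}

// Run each variant against the same request; only vulnerable() ends up
// holding the client's values for is_admin and template_dir.
foreach (['vulnerable', 'whitelisted', 'skipExisting', 'prefixed'] as $fn) {
    printf("%-13s %s\n", $fn . ':', json_encode($fn($request)));
}
```

The whitelist and EXTR_SKIP variants still import `$page`, which is what the application wanted; EXTR_PREFIX_ALL is the safest of the three because the prefixed names can never shadow an existing variable, at the cost of having to reference `$req_page` instead of `$page`. Where extract() is buried in an included file, as in the observed examples, the same test can be run against that include to confirm which variables it defines.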
Other Notes
In general, variable extraction can make control and data flow analysis difficult to perform. For PHP, extraction can be used to provide functionality similar to register_globals, which is frequently disabled in production systems. Many PHP versions will overwrite superglobals in extract/import_request_variables calls.
Weakness Ordinalities
Ordinality | Description
---|---
Primary | (where the weakness exists independent of other weaknesses)
Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
---|---|---|---|---
ChildOf | Weakness Class | 20 | Improper Input Validation | Development Concepts (primary) 699
ChildOf | Weakness Class | 94 | Failure to Control Generation of Code ('Code Injection') | Research Concepts (primary) 1000
PeerOf | Weakness Base | 99 | Improper Control of Resource Identifiers ('Resource Injection') | Research Concepts 1000
PeerOf | Weakness Base | 471 | Modification of Assumed-Immutable Data (MAID) | Research Concepts 1000
PeerOf | Weakness Base | 627 | Dynamic Variable Evaluation | Research Concepts 1000
Modifications
Modification Date | Modifier | Organization | Source | Changes
---|---|---|---|---
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal | updated Description, Relationships, Observed Example, Other Notes, Weakness Ordinalities
2008-10-14 | CWE Content Team | MITRE | Internal | updated Description