Understanding Common Weakness Enumeration (CWE) in Software Security
Common Weakness Enumeration (CWE) provides a formal list of software weakness types, serving as a standard for measuring vulnerabilities and guiding their identification, mitigation, and prevention. This article covers the significance of CWE, the difference between prevention and mitigation strategies, universal versus application-specific vulnerabilities, specific CWEs prevented by Ada, general problems mitigated by Ada, and a comprehensive list of CWEs mitigated by Ada through runtime checks.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Covering CWE with Programming Languages and Tools Robert Tice Technical Account Manager
What is a CWE? Formal list of software weakness types: Common language Standard measuring stick for software security tools Baseline for weakness identification, mitigation, and prevention
Prevention vs Mitigation Prevention Mitigation Entirely absent from application. Reduced risk but may exist.
Universal vs Application Specific Universal Application Specific All software should be free of these vulnerabilities. i.e. buffer overflow Dependent on the application. i.e. SQL Injection We will talk about these
CWEs Prevented by Ada These relate to specific features of other languages CWE Identifiers Note 467, 484 Only affects C and C++ 500 Only affects C++ and Java 520, 526 Only affects .NET languages 8, 9, 487, 555, 574 Only affects Java 103, 104, 107, 108, 109, 110, 608 Only affects Struts framework
CWEs Prevented by Ada These relate to general problems and constructs of other languages CWE Identifiers Note 588 Unsafe pointer usage 95 Unvalidated code in dynamic eval context 481, 482 Confusion between assignment and comparison 170 Improper null termination of Strings 228, 229, 233, 237, 240 (and variants) Parameters missing/extra/confused
CWEs Mitigated by Ada (runtime checks) CWE Description CWE Description 194 Unexpected sign extension 120* Buffer Overflow 197 Numeric truncation error 123 Write-what-where condition 252 Unchecked return value 124 Buffer Underwrite 253 Incorrect check of function return value 125 Out-of-bounds read 369 Divide-by-zero 126 Buffer Over-read 476 Null pointer dereference 127 Buffer Under-read 562 Return of stack variable address 128 Wrap-around-error 682 Incorrect calculation 129 Improper validation of array index 786 Access before start of buffer 130 Improper handling of length parameter 787 Out-of-bounds write 131* Incorrect calculation of buffer size 788 Access after end of buffer 136 Type errors 805 Buffer access with incorrect length 190* Integer overflow or wrap-around 824 Uninitialized pointer 191 Integer underflow or wrap-around 193 Off-by-one error * 2011 CWE/SANS Top 25 Most Dangerous Software Errors (https://cwe.mitre.org/top25/)
CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) type My_Array_Type is array (Natural range <>) of Integer; type My_Array_Type is array (Natural range <>) of Integer; void foo(int* arr, int length) { for(int i = 0; i < length; i++) { procedure Foo (Arr : in out My_Array_Type; Len : Natural) is begin procedure Foo (Arr : in out My_Array_Type) is begin for I in Arr'Range loop for I in 1 .. Len loop arr[i]++; } Buffer overflow! } void bar() { Arr (I) := Arr (I) + 1; Arr (I) := Arr (I) + 1; int myArray[10]; end loop; end loop; end Foo; end Foo; // init the array for(int i = 0; i < 10; i++) raised CONSTRAINT_ERROR : buffer_overflow.adb:7 index check failed procedure Bar is procedure Bar is myArray[i] = 0; My_Array : My_Array_Type (1 .. 10) := My_Array : My_Array_Type (1 .. 10) := (others => // or memset(&myArray[0], 0, 10 * (others => 0); begin 0); begin sizeof(myArray[0])); Foo (Arr => My_Array, Len => 30); -- no accidental length computation -- no accidental buffer overflow because of a typo Foo (Arr => My_Array); end Bar; foo(&myArray[0], 30); } end Bar;
CWE-190: Integer Overflow or Wraparound volatile uint32_t myRegister; My_Register : Integer; pragma Volatile (My_Register); int waitForFlag() { int counter = 0; function Wait_For_Flag return Integer is Counter : Integer := 0; begin while My_Register = 0 loop while(myRegister == 0) { counter++; } Integer overflow! Counter := Counter + 1; return counter; end loop; } return Counter; end Wait_For_Flag; raised CONSTRAINT_ERROR : integer_overflow.adb:9 overflow check failed
Static Mitigation CWE-120: Classic Buffer Overflow procedure Main is type My_Array_Type is array (Natural range <>) of Integer; procedure Foo (Arr : in out My_Array_Type; Len : Natural) is begin for I in 1 .. Len loop Arr (I) := Arr (I) + 1; end loop; end Foo; CodePeer Results: buffer_overflow.adb:18:7: high: precondition (array index check [CWE 120]) failure on call to main.foo: requires Len = 0 or Len <= Arr'Last procedure Bar is My_Array : My_Array_Type (1 .. 10) := (others => 0); begin Foo (Arr => My_Array, Len => 30); end Bar; begin Bar; end Main;
Static Mitigation CWE-190: Integer Overflow procedure Main is My_Register : Integer := 0; pragma Volatile (My_Register); function Wait_For_Flag return Integer is Counter : Integer := 0; begin while My_Register = 0 loop Counter := Counter + 1; end loop; return Counter; end Wait_For_Flag; CodePeer Results: Ret : Integer; begin Ret := Wait_For_Flag; end Main; integer_overflow.adb:10:32: low: overflow check [CWE 190] might fail: requires Counter <= Integer_32'Last-1
CWEs Mitigated with CodePeer CWE Description CWE s mitigated by Ada 120* Buffer Overflow 123 Write-what-where condition 124 Buffer Underwrite plus these! 125 Out-of-bounds read 126 Buffer Over-read CWE Description 127 Buffer Under-read 128 Wrap-around-error 137 Representation errors Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Race Condition within a Thread 129 Improper validation of array index 130 Improper handling of length parameter 362 131* Incorrect calculation of buffer size 366 136 Type errors 190* Integer overflow or wrap-around 457 Use of Uninitialized Variable 191 193 Integer underflow or wrap-around Off-by-one error 561 Dead Code CWE 194 197 252 253 369 476 562 682 786 787 788 805 824 Description Unexpected sign extension Numeric truncation error Unchecked return value Incorrect check of function return value Divide-by-zero Null pointer dereference Return of stack variable address Incorrect calculation Access before start of buffer Out-of-bounds write Access after end of buffer Buffer access with incorrect length Uninitialized pointer 563 Assignment to Variable without Use 570 Expression is always false 571 Expression is always true 820 Missing synchronization 821 Incorrect synchronization 835 Loop with unreachable exit
Static Mitigation CWE-457: Use of Uninitialized Variable with Ada.Text_IO; use Ada.Text_IO; procedure Main is Global : Integer; CodePeer Results: procedure Init_Global is begin Global := 0; end Init_Global; uninit_var.adb:17:15: high: validity check [CWE 457]: Global is uninitialized here begin -- Init_Global; Global := Global + 5; Put_Line (Global'Img); end Main;
How many CWE violations will CodePeer find? with Ada.Text_IO; use Ada.Text_IO; procedure Main is Flag : Boolean := False; Counter : Integer; begin CodePeer Results: loop unreachable_exit.adb:11:12: medium warning: loop does not complete normally [CWE 835] unreachable_exit.adb:11:12: low warning: test always false [CWE 570] because Flag = false if Flag then Put_Line ("Exiting..."); exit; else Counter := Counter + 1; Put_Line ("Loop #" & Counter'Img); end if; end loop; unreachable_exit.adb:12:13: medium warning: dead code [CWE 561] because Flag = false unreachable_exit.adb:15:24: low: validity check [CWE 457]: Counter might be uninitialized unreachable_exit.adb:15:32: low: overflow check [CWE 190] might fail: requires Counter <= Integer_32'Last-1 end Main;
CWEs Mitigated with SPARK Pro CWE 137 Description Representation errors Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Race Condition within a Thread Use of Uninitialized Variable Dead Code Assignment to Variable without Use Expression is always false Expression is always true Missing synchronization Incorrect synchronization Loop with unreachable exit CWE Description CWE s mitigated by Ada 120* Buffer Overflow 362 123 Write-what-where condition 366 457 561 563 570 571 820 821 835 124 Buffer Underwrite 125 Out-of-bounds read 126 Buffer Over-read CWE s mitigated with CodePeer 127 Buffer Under-read 128 Wrap-around-error 129 Improper validation of array index 130 Improper handling of length parameter 131* Incorrect calculation of buffer size 136 Type errors plus these! 190* Integer overflow or wrap-around 191 193 Integer underflow or wrap-around Off-by-one error CWE Description 188 Reliance on data layout CWE 194 197 252 253 369 476 562 682 786 787 788 805 824 Description Unexpected sign extension Numeric truncation error Unchecked return value Incorrect check of function return value Divide-by-zero Null pointer dereference Return of stack variable address Incorrect calculation Access before start of buffer Out-of-bounds write Access after end of buffer Buffer access with incorrect length Uninitialized pointer 466 Return of pointer value outside expected range 468 Incorrect pointer scaling 469 Use of pointer subtraction to determine size 822 Untrusted pointer access 823 Out-of-range pointer offset 825 Expired pointer dereference
Restricting to Prevent pragma Restrictions (Restriction_Identifier) Restriction Identifier CWE s Prevented No_Allocators 122, 244, 415, 416, 467, 590, 761 362, 364, 366, 432, 479, 543, 558, 567, 572, 585, 662, 663, 820, 821, 828, 831, 833 674 No_Tasking No_Recursion No_Exceptions 248, 396, 397, 460, 584, 600 No_Exception_Handlers 396, 584 No_Finalization 568, 583, 586 No_Streams 499 No_Unchecked_Conversion 197, 588, 704, 843 No_Wide_Characters 135, 176 No_Dependence 676* * 2011 CWE/SANS Top 25 Most Dangerous Software Errors (https://cwe.mitre.org/top25/)
Reduce risk! Use Ada, SPARK, & CodePeer Mitre recognized CWE-compatible products!