
Lack of data validation - Special Characters

Description

Some input fields accept special characters because the system does not validate their content before using it.

Impact

Unexpected application behavior when the unvalidated input reaches later processing.

Recommendation

Validate on the server side, for every field, that no special characters are entered; defining an allowlist of permitted characters per field is the safest way to express this.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

⌚ 30 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: N
  • Attack complexity: L
  • Privileges required: N
  • User interaction: N
  • Scope: U
  • Confidentiality: N
  • Integrity: L
  • Availability: N

Temporal

  • Exploit code maturity: U
  • Remediation level: X
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:X/RC:X
  • Score:
    • Base: 5.3
    • Temporal: 4.9
  • Severity:
    • Base: Medium
    • Temporal: Medium

Code Examples

Compliant code

The application validates all input data on the server side before writing it. Note that a blanket blocklist such as the one below also rejects the '@' and '.' that an email address needs, so in practice each field should get its own allowlist of permitted characters.

// Pattern matching any special character that must not appear in the submitted fields
const format = /[!@#$%^&*()_+\-=\[\]{};':"\|,.<>\/?]+/;

// Returns true only if every submitted value is a string with no special characters
function validateData(data, pattern) {
  return Object.values(data).every(function (value) {
    return typeof value === 'string' && !pattern.test(value);
  });
}

app.post('/editProfile', isLoggedIn, function(req, res, next){
  // Validate before touching the database; reject the request otherwise
  const isDataValid = validateData(req.body.data, format);
  if (!isDataValid) {
    return res.status(400).send('Input contains characters that are not allowed');
  }
  User.update({ _id: req.user.id }, req.body, function(err, user){
    if (err) { return next(err); }
    user.email = req.body.data.emailEdit;
    user.first_name = req.body.data.first_nameEdit;
    user.last_name = req.body.data.last_nameEdit;
    user.username = req.body.data.usernameEdit;
    res.redirect('/profile/');
  });
});

Non compliant code

The application updates user information with the submitted inputs without validating them on the server side.

app.post('/editProfile', isLoggedIn, function(req, res, next){
  // The raw request body goes straight to the database and the user record;
  // nothing checks which characters each field may contain
  User.update({ _id: req.user.id }, req.body, function(err, user){
    user.email = req.body.data.emailEdit;
    user.first_name = req.body.data.first_nameEdit;
    user.last_name = req.body.data.last_nameEdit;
    user.username = req.body.data.usernameEdit;
    res.redirect('/profile/');
  });
});
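The following is an added example, not code from the original page, showing the per-field allowlist approach that the recommendation describes: each profile field gets its own pattern, unknown fields are discarded, and the database is only touched after every field passes. The field names follow the page's snippet; the patterns, length limits, the `validateProfileEdit` helper and the two sample requests are assumptions constructed for illustration.

```javascript
// Added example (not the page's own code): per-field allowlist validation for the
// profile-edit request, run on the server before any database write.
// Field names follow the page's snippet; patterns and limits are assumed for illustration.
const FIELD_RULES = {
  // Username: letters, digits and underscore only, 3-32 characters
  usernameEdit: /^[A-Za-z0-9_]{3,32}$/,
  // Names: Unicode letters, spaces, apostrophes and hyphens; 1-64 characters
  first_nameEdit: /^\p{L}[\p{L} '-]{0,63}$/u,
  last_nameEdit: /^\p{L}[\p{L} '-]{0,63}$/u,
  // Email shape: exactly one '@', no whitespace, quotes or angle brackets; max 254 characters
  emailEdit: /^[^\s@<>"']{1,64}@[^\s@<>"']{1,189}$/,
};

// Returns { ok: true, data } containing only the allowed fields,
// or { ok: false, errors } naming every field that failed.
// Fields not listed in FIELD_RULES are dropped, so the request body cannot
// smuggle extra attributes into the update.
function validateProfileEdit(body) {
  const errors = {};
  const data = {};
  for (const [field, rule] of Object.entries(FIELD_RULES)) {
    const value = body ? body[field] : undefined;
    if (typeof value !== 'string') {
      errors[field] = 'missing or not a string';
      continue;
    }
    // Only surrounding whitespace is trimmed; characters are never silently deleted,
    // because "sanitizing" hides the attempt and can change the meaning of the value
    const trimmed = value.trim();
    if (!rule.test(trimmed)) {
      errors[field] = 'contains characters outside the allowed set';
      continue;
    }
    data[field] = trimmed;
  }
  return Object.keys(errors).length === 0 ? { ok: true, data } : { ok: false, errors };
}

// Where the check sits in the page's route: validate first, write second.
// Express, isLoggedIn and User are assumed to exist as in the page's snippet;
// this handler is shown for context and is not exercised by the samples below.
function editProfileHandler(req, res, next) {
  const result = validateProfileEdit(req.body && req.body.data);
  if (!result.ok) {
    return res.status(400).json({ errors: result.errors });
  }
  User.update({ _id: req.user.id }, { $set: result.data }, function (err) {
    if (err) { return next(err); }
    res.redirect('/profile/');
  });
}

// Constructed sample requests: a legitimate edit and one carrying injection-style input
const goodRequest = {
  emailEdit: 'ana.lopez@example.com',
  first_nameEdit: 'Ana María',
  last_nameEdit: "O'Neil-López",
  usernameEdit: 'ana_lopez',
};
const badRequest = {
  emailEdit: '"><script>@example.com',
  first_nameEdit: "Robert'); DROP TABLE users;--",
  last_nameEdit: 'Smith',
  usernameEdit: 'admin; role=1',
  extra: 'role=admin', // not in FIELD_RULES, so it is dropped rather than written
};

console.log(validateProfileEdit(goodRequest));
console.log(validateProfileEdit(badRequest));
```

The allowlist is deliberately per field: a username and a display name legitimately need different character sets, and an email address cannot be validated by a rule that forbids '@'. Rejecting the whole request with a 400 and the list of failing fields, instead of stripping characters, keeps the behavior predictable and leaves an audit trail of what was attempted.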

Requirements