logo

Permissive List of Allowed Inputs

Draft Base
Structure: Simple
Description

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

Common Consequences 1
Scope: Access Control

Impact: Bypass Protection Mechanism
Detection Methods 1
Automated Static AnalysisHigh
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Observed Examples 5
CVE-2019-12799chain: bypass of untrusted deserialization issue (Deserialization of Untrusted Data) by using an assumed-trusted class (Permissive List of Allowed Inputs)
CVE-2019-10458sandbox bypass using a method that is on an allowlist
CVE-2017-1000095sandbox bypass using unsafe methods that are on an allowlist
CVE-2019-10458CI/CD pipeline feature has unsafe elements in allowlist, allowing bypass of script restrictions
CVE-2017-1000095Default allowlist includes unsafe methods, allowing bypass of sandbox
References 1
The Art of Software Security Assessment
Mark Dowd, John McDonald, and Justin Schuh
Addison Wesley
2006
ID: REF-62
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Related Attack Patterns
Alternate Terms

Allowlist / Allow List

This is used by CWE and CAPEC instead of other commonly-used terms. Its counterpart is denylist.

Safelist / Safe List

This is often used by security tools such as firewalls, email or web gateways, proxies, etc.

Whitelist / White List

This term is frequently used, but usage has been declining as organizations have started to adopt other terms.
Related Weaknesses
ChildOf: Incorrect Comparison (CWE-697)
CanPrecede: Unrestricted Upload of File with Dangerous Type (CWE-434)
Taxonomy Mapping
  • PLOVER