Usage of trusted and untrusted data inside the same data structure

Description

Combining trusted and untrusted data within a single data structure poses a significant security risk. This practice may result in untrusted data being incorrectly regarded as trustworthy, potentially leading to security vulnerabilities.

Remediations

  • Do not mix trusted and untrusted data in the same data structure. Keeping them separate ensures that untrusted data does not accidentally gain the same level of trust as the verified data.
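As an added illustration, not code from the rule page or from Bearer, the pattern this rule flags beside a separated form, using the Java Servlet API. The parameter name, session attribute keys, the sample user and the account-id format check are assumptions.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.regex.Pattern;

public class TrustBoundaryExample {

    // Flagged pattern: a raw request parameter is written into the session
    // beside values the server itself set. Code that later reads the session
    // cannot tell which attributes were verified and which came from the client.
    static void mixedSession(HttpServletRequest request) {
        HttpSession session = request.getSession();
        session.setAttribute("authenticatedUser", "alice");                     // trusted (constructed sample)
        session.setAttribute("accountId", request.getParameter("accountId"));  // untrusted, unvalidated
    }

    // Separated form: trusted state lives in its own type, so nothing reaches it
    // without passing through validation, and the raw input is never stored
    // under the same container as server-established facts.
    static final class TrustedState {
        final String authenticatedUser;
        final String accountId;
        TrustedState(String authenticatedUser, String accountId) {
            this.authenticatedUser = authenticatedUser;
            this.accountId = accountId;
        }
    }

    // Assumed format: 1 to 12 digits. A format check only establishes that the
    // value is well-formed; whether this user may act on that account is a
    // separate authorization decision.
    private static final Pattern ACCOUNT_ID = Pattern.compile("[0-9]{1,12}");

    static TrustedState separatedSession(HttpServletRequest request, String authenticatedUser) {
        String candidate = request.getParameter("accountId");
        if (candidate == null || !ACCOUNT_ID.matcher(candidate).matches()) {
            throw new IllegalArgumentException("accountId failed validation");
        }
        // The value crosses the boundary only here, after validation, and is
        // stored as part of the trusted state rather than as a loose attribute.
        TrustedState state = new TrustedState(authenticatedUser, candidate);
        request.getSession().setAttribute("trustedState", state);
        return state;
    }
}
```

Readers of the session then look up `trustedState` and get a value that has necessarily been validated, rather than a string whose origin is unknown.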

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=java_lang_trust_boundary_violation

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=java_lang_trust_boundary_violation