Security Test: Unsafe Function Use
Description
Default Severity:
Unsafe function use occurs when developers call functions that do not properly handle user input or system resources, opening the door to attacks such as SQL injection, cross-site scripting, or even remote code execution. Such vulnerabilities let attackers manipulate inputs or commands, which can lead to unauthorized data access, data corruption, or full control of the system. The risk arises from using outdated or improperly secured functions that have not been updated to address modern threat models, and it is easy to fall into this trap when security is not a priority during development. Left unchecked, these weaknesses can lead to significant breaches and costly remediation later, so it is important to stay vigilant and use safer alternatives wherever possible.
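As an added illustration (not part of this page or of the test's own implementation), here is a small AST-based check in Python that flags calls to a few well-known unsafe functions when they receive non-literal arguments or run a shell; the list of flagged functions and the code sample it scans are constructed assumptions for the example:

```python
"""Minimal AST-based detector for unsafe function use in Python source.

Added example, not from the original page: reports calls that execute code,
spawn a shell or deserialise untrusted data when the arguments are not all
literal constants. UNSAFE_CALLS is an assumed list chosen for illustration.
"""
from __future__ import annotations
import ast

# Dotted names treated as unsafe (assumed, not an exhaustive policy).
UNSAFE_CALLS = {"eval", "exec", "os.system", "os.popen", "pickle.loads"}

# Constructed sample of code under review (not taken from the page).
SAMPLE = '''import os, subprocess
cmd = input()
os.system("ls -l " + cmd)            # unsafe: shell command built from input
subprocess.run(cmd, shell=True)      # unsafe: shell=True with a variable
subprocess.run(["ls", "-l", cmd])    # safer: argv list, no shell involved
eval("1 + 1")                        # constant argument, not reported
result = eval(cmd)                   # unsafe: code execution from input
'''


def _call_name(node: ast.Call) -> str:
    """Return a dotted name such as 'os.system' for the call target, or ''."""
    parts, func = [], node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return ""


def find_unsafe_calls(source: str) -> list[tuple[int, str]]:
    """Return (line, name) for each flagged call, sorted by line number."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        shell_true = any(
            kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
            for kw in node.keywords)
        if name in UNSAFE_CALLS or (name.startswith("subprocess.") and shell_true):
            # Literal-only arguments are a much weaker signal; skip those.
            if all(isinstance(a, ast.Constant) for a in node.args) and not shell_true:
                continue
            findings.append((node.lineno, name))
    return sorted(findings)
```

Running `find_unsafe_calls(SAMPLE)` reports lines 3, 4 and 7 of the sample and leaves the argv-list call and the constant `eval` alone.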
Configuration
Identifier:
configuration/unsafe_function_use
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM05:2023 |
| PCI DSS | 6.2 |
| GDPR | Article-32 |
| SOC2 | CC6 |
| PSD2 | Article-95 |
| ISO 27001 | A.12.6 |
| NIST | SP800-40 |
| FedRAMP | SI-2 |
| CWE | 676 |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C |
| CVSS Score | 9.0 |