Security Test: Typing misconfiguration
Description
Default Severity:
A typing misconfiguration happens when a system accepts a parameter in a form that's not expected—like receiving a number when it should be a string—and it ends up processing it anyway. This can be dangerous because the application might mishandle or misinterpret the data, potentially letting attackers inject unexpected values or exploit logic errors. Often, developers assume that the input will always match the expected type and don't include strict type checking, which can leave the door open for misuse. If left unchecked, these issues can cause unintended behavior, compromise data integrity, or even open paths for more serious attacks.
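The pattern described above, as an added example that is not from the original page or from the tool it documents: a handler that coerces whatever type arrives, beside one that rejects mismatched types before any logic runs. The endpoint fields, schema and sample body are constructed for illustration.

```python
import json

# Hypothetical schema for a constructed endpoint: field name -> expected JSON type.
SCHEMA = {"account_id": str, "amount": int}

# Constructed request body: a number where a string is expected,
# and a boolean where an integer is expected.
SAMPLE_BAD_BODY = '{"account_id": 1042, "amount": true}'


def lenient_handler(body: str) -> dict:
    """Weak form: assumes the declared types and processes whatever arrives."""
    data = json.loads(body)
    # str() and int() coerce silently, so the wrong types are accepted.
    return {"account_id": str(data["account_id"]), "amount": int(data["amount"])}


def type_errors(body: str, schema: dict = SCHEMA) -> list:
    """Return one message per field whose JSON type differs from the schema."""
    data = json.loads(body)
    if not isinstance(data, dict):
        return ["body: expected a JSON object"]
    errors = []
    for field, expected in schema.items():
        if field not in data:
            errors.append(f"{field}: missing")
            continue
        value = data[field]
        # Compare the exact type: isinstance(True, int) is True in Python,
        # which would let a JSON boolean pass as an integer.
        if type(value) is not expected:
            errors.append(
                f"{field}: expected {expected.__name__}, got {type(value).__name__}"
            )
    return errors


def strict_handler(body: str) -> dict:
    """Hardened form: reject the request before any business logic runs."""
    errors = type_errors(body)
    if errors:
        raise ValueError("; ".join(errors))
    return json.loads(body)
```
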
Reference:
Configuration
Identifier:
schema/typing_misconfiguration
Examples
All configuration available:
```yaml
checks:
  schema/typing_misconfiguration:
    skip: false # default
    options:
      skip_objects: # cf. Options below
```
Options
Options can be set in the options key of the Security Test Configuration.
Property | Type | Default | Description |
---|---|---|---|
skip_objects | List[string] | | List of objects to be skipped by the security test. |
Compliance and Standards
Standard | Value |
---|---|
OWASP API Top 10 | API10:2023 |
OWASP LLM Top 10 | LLM07:2023 |
PCI DSS | 6.5.1 |
GDPR | Article-32 |
SOC2 | CC1 |
PSD2 | Article-95 |
ISO 27001 | A.14.2 |
NIST | SP800-53 |
FedRAMP | AC-4 |
CWE | 20 |
CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/RL:O/RC:C |