CWE-454 可信任变量或数据存储的外部初始化

External Initialization of Trusted Variables or Data Stores

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown


The software initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.


A software system should be reluctant to trust variables that have been initialized outside of its trust boundary, especially if they are initialized by users. The variables may have been initialized incorrectly. If an attacker can initialize the variable, then they can influence what the vulnerable system will do.


  • cwe_Nature: ChildOf cwe_CWE_ID: 665 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: CanAlsoBe cwe_CWE_ID: 456 cwe_View_ID: 1000


Language: [{'cwe_Name': 'PHP', 'cwe_Prevalence': 'Sometimes'}, {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}]


范围 影响 注释
Integrity Modify Application Data An attacker could gain access to and modify sensitive data or system information.



策略: Input Validation

A software system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking (e.g. input validation) is performed when relying on input from outside a trust boundary.

Architecture and Design


Avoid any external control of variables. If necessary, restrict the variables that can be modified using a whitelist, and use a different namespace or naming convention if possible.


In the Java example below, a system property controls the debug level of the application.

bad Java

int debugLevel = Integer.getInteger("com.domain.application.debugLevel").intValue();

If an attacker is able to modify the system property, then it may be possible to coax the application into divulging sensitive information by virtue of the fact that additional debug information is printed/exposed as the debug level increases.

This code checks the HTTP POST request for a debug switch, and enables a debug mode if the switch is set.

bad PHP

$debugEnabled = false;
if ($_POST["debug"] == "true"){
$debugEnabled = true;

function login($username, $password){
echo 'Debug Activated';
$isAdmin = True;
return True;

Any user can activate the debug mode, gaining administrator privileges. An attacker may also use the information printed by the phpinfo() function to further exploit the system. .

This example also exhibits Information Exposure Through Debug Information (CWE-215)


标识 说明 链接
CVE-2000-0959 Does not clear dangerous environment variables, enabling symlink attack.
CVE-2001-0033 Specify alternate configuration directory in environment variable, enabling untrusted path.
CVE-2001-0872 Dangerous environment variable not cleansed.
CVE-2001-0084 Specify arbitrary modules using environment variable.


Relationship Overlaps Missing variable initialization, especially in PHP. Applicable Platform


映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER External initialization of trusted variables or values
Software Fault Patterns SFP25 Tainted input to variable