Skip to content

Latest commit

 

History

History
107 lines (82 loc) · 8.5 KB

mitigations.md

File metadata and controls

107 lines (82 loc) · 8.5 KB

Mitigation Strategies Analysis for fasterxml/jackson-core

Mitigation Strategy: Control Nesting Depth

Mitigation Strategy: Control Nesting Depth

  • Description:

    1. Determine Maximum Acceptable Nesting Depth: Analyze your application's data models to understand the maximum legitimate nesting level for JSON structures you expect to process. Excessive nesting is often unnecessary and can be a potential attack vector.
    2. Configure JsonFactory Max Depth: When creating JsonFactory instances, use the builder pattern to set the maxDepth limit. For example: 
      JsonFactory jsonFactory = JsonFactory.builder().maxDepth(32).build();
      Choose a reasonable integer value for maxDepth based on your analysis.
    3. Use Configured JsonFactory for Parsing: Ensure that this configured JsonFactory instance is used whenever you create JsonParser instances to parse incoming JSON data. For example: 
      try (JsonParser parser = jsonFactory.createParser(jsonPayload)) {
    // ... parsing logic ...
} catch (JsonParseException e) {
    // ... error handling ...
}
    4. Handle JsonParseException: Implement error handling to catch JsonParseException that may be thrown when the nesting depth exceeds the configured limit.

  • List of Threats Mitigated:

    • Stack Overflow DoS via Deep Nesting (Medium to High Severity): Parsing extremely deeply nested JSON can cause stack overflow errors in the JVM, leading to application crashes and denial of service.
    • Performance Degradation DoS via Deep Nesting (Medium Severity): Parsing very deep JSON structures can consume significant CPU and memory, causing performance degradation and potential denial of service.

  • Impact:

    • Stack Overflow DoS via Deep Nesting (High Reduction): Effectively prevents stack overflow errors caused by excessive nesting by stopping parsing before the stack overflows.
    • Performance Degradation DoS via Deep Nesting (Medium Reduction): Reduces the risk of performance degradation by limiting the complexity of JSON structures processed by jackson-core.

  • Currently Implemented:

    • Needs Assessment. Check the codebase for instances where JsonFactory is created and used. Verify if maxDepth is explicitly set using the builder.

  • Missing Implementation:

    • Likely missing in code where JsonFactory is instantiated. Developers might be using default JsonFactory instances without setting maxDepth.
    • Potentially missing in unit tests to confirm that maxDepth is correctly configured and enforced during parsing.

Mitigation Strategy: Handle Parsing Errors Gracefully

Mitigation Strategy: Handle Parsing Errors Gracefully

  • Description:

    1. Identify Parsing Code: Locate all code sections where jackson-core's JsonParser or related classes are used to parse JSON data.
    2. Implement try-catch Blocks: Wrap JSON parsing code within try-catch blocks to specifically handle JsonParseException and potentially IOException that can occur during parsing. 
      try (JsonParser parser = jsonFactory.createParser(jsonPayload)) {
    // ... parsing logic ...
} catch (JsonParseException e) {
    // Log error securely (not to user output)
    // Return generic error to user
} catch (IOException e) {
    // Handle IO errors
}
    3. Securely Log Error Details: Inside the catch (JsonParseException e) block, log detailed error information (exception type, message, potentially relevant parts of the input if safe) to a secure logging system. Avoid logging to standard output or error streams accessible to users.
    4. Return Generic Error Responses: In the catch (JsonParseException e) block, ensure your application returns a generic, non-revealing error response to the user or client. Avoid exposing specific details of the parsing error in the response.

  • List of Threats Mitigated:

    • Information Disclosure via Error Messages (Low to Medium Severity): Detailed JsonParseException messages might reveal information about the application's internal structure or data format to attackers if exposed directly.
    • Unexpected Application Behavior (Low Severity): Unhandled JsonParseException exceptions can lead to unexpected application behavior or crashes if not caught and managed.

  • Impact:

    • Information Disclosure via Error Messages (High Reduction): Prevents leakage of internal details through error messages by providing generic responses and logging details securely.
    • Unexpected Application Behavior (Medium Reduction): Improves application stability by gracefully handling parsing errors and preventing unhandled exceptions from propagating.

  • Currently Implemented:

    • Potentially Partially Implemented. Basic try-catch blocks might exist, but error handling might not be consistently applied for JsonParseException specifically, or logging and response generation might not be secure.

  • Missing Implementation:

    • Inconsistent error handling for JsonParseException across all JSON parsing locations in the application.
    • Potentially missing secure logging practices within JsonParseException handlers (logging to insecure locations or including sensitive data in logs).
    • Potentially exposing detailed error information to users instead of generic responses when JsonParseException occurs.

Mitigation Strategy: Use Secure Parsing Configurations

Mitigation Strategy: Use Secure Parsing Configurations

  • Description:

    1. Review JsonFactory Features: Examine the available JsonFactory.Feature and StreamReadFeature enums. Understand the purpose of each feature and its potential security implications. Refer to Jackson documentation for details on each feature.
    2. Disable Unnecessary Features: For each JsonFactory instance you create, explicitly disable any JsonFactory.Feature or StreamReadFeature that are not essential for your application's JSON processing requirements. For example, if you don't need to parse JSON comments, disable StreamReadFeature.ALLOW_COMMENTS. 
      JsonFactory jsonFactory = JsonFactory.builder()
        .disable(StreamReadFeature.ALLOW_COMMENTS)
        .disable(StreamReadFeature.ALLOW_UNQUOTED_FIELD_NAMES) // Example: Disable if not needed
        .build();
    3. Configure Number and String Handling: If your application has specific requirements or security concerns related to number or string parsing, explore relevant JsonFactory.Feature and StreamReadFeature options that control how these data types are handled. Configure them to align with your security needs.

  • List of Threats Mitigated:

    • Unexpected Parsing Behavior (Low to Medium Severity): Default or overly permissive parsing settings might lead to unexpected behavior when processing unusual or crafted JSON inputs, potentially causing application errors or vulnerabilities in specific scenarios.
    • Subtle Parsing Flaws (Low Severity): In rare cases, certain combinations of parsing features and specific JSON input might expose subtle parsing flaws that could be exploited.

  • Impact:

    • Unexpected Parsing Behavior (Low to Medium Reduction): Reduces the risk of unexpected parsing behavior by enforcing stricter parsing rules and disabling features that are not strictly required, minimizing potential attack surface.
    • Subtle Parsing Flaws (Low Reduction): Minimally reduces the risk of subtle parsing flaws by simplifying parsing configurations and disabling potentially less secure or less robust features.

  • Currently Implemented:

    • Needs Assessment. Check the codebase for JsonFactory instantiation. Determine if any JsonFactory.Feature or StreamReadFeature settings are explicitly configured beyond the defaults.

  • Missing Implementation:

    • Likely using default JsonFactory configurations without explicitly reviewing and adjusting JsonFactory.Feature and StreamReadFeature settings for security best practices.
    • Potentially using more permissive parsing configurations than necessary, increasing the potential attack surface.