Objective: To cause a Denial of Service (DoS) or achieve Information Disclosure by exploiting Guava-specific functionalities within the target application.
[Attacker Goal: DoS or Information Disclosure via Guava]
|
---------------------------------------------------------------------------------
| |
[Sub-Goal: Exploit Caching Mechanisms] [Sub-Goal: Exploit EventBus] [HIGH-RISK]
|
-------------------------------------------------
| |
[Attack: Cache [Attack: Cache [Attack: Malicious {CRITICAL}[Attack: EventBus
Poisoning] Flooding] [HIGH-RISK] Event Injection] [HIGH-RISK] DoS via Listener] [HIGH-RISK]
| |
[Method: Inject {CRITICAL}[Method: Send [Method: Register {CRITICAL}[Method: Flood with
malicious large number malicious listener, expensive events]
entries with of requests then send crafted
long expiry] to fill cache] events]
| |
[Mitigation: [Mitigation: {CRITICAL}[Mitigation: {CRITICAL}[Mitigation:
Input validation, Rate limiting, Input validation Rate limiting,
limit cache limit cache on event types, limit listeners,
size, use size, {CRITICAL}monitor strict access monitor event
strong keys] cache usage] control] processing time]
|
-------------------------------------------------
|
[Sub-Goal: Exploit Collection Utilities] [HIGH-RISK]
|
-------------------------------------------------
|
{CRITICAL}[Attack: Unbounded Collection Growth] [HIGH-RISK]
|
{CRITICAL}[Method: Trigger creation of large/infinite
collections (e.g., Multimap) via user
input, leading to memory exhaustion]
|
{CRITICAL}[Mitigation: Input validation, limit collection
size, use bounded collections where possible]
|
-------------------------------------------------
|
[Sub-Goal: Exploit common.io Utilities] [HIGH-RISK]
|
-------------------------------------------------
| |
[Attack: Path Traversal via Files.asByteSource()] [HIGH-RISK] [Attack: Resource Exhaustion via ByteStreams.copy()] [HIGH-RISK]
| |
{CRITICAL}[Method: If application uses Files.asByteSource() {CRITICAL}[Method: If application uses ByteStreams.copy() with
with user-supplied paths without proper unbounded input streams, trigger a large copy
validation, craft a path to access files operation to exhaust resources (disk space, memory)]
outside the intended directory] |
| |
{CRITICAL}[Mitigation: Sanitize file paths, use {CRITICAL}[Mitigation: Limit input stream size, use timeouts,
whitelisting, avoid using user input directly] monitor resource usage]
Attack Tree Path: Exploiting Caching Mechanisms: Cache Flooding
Description: The attacker sends a large number of requests with different, likely non-existent, keys to the cache. This forces the cache to evict legitimate entries and consume memory, leading to a denial-of-service (DoS) condition.
- Method:
Send large number of requests to fill cache - Mitigation:
Limit cache size,Monitor cache usage,Rate Limiting - Why High-Risk: Low effort, high impact (DoS), easy to execute.
Attack Tree Path: Exploiting Caching Mechanisms: Cache Poisoning
Description: Attacker injects malicious entries into the cache, potentially leading to serving incorrect data or, in more complex scenarios, further exploitation.
- Method:
Inject malicious entries with long expiry - Mitigation:
Input validation,Rate limiting,limit cache size,use strong keys - Why High-Risk: Medium effort, medium to high impact.
Attack Tree Path: Exploiting EventBus: Malicious Event Injection
Description: The attacker registers a listener (or posts directly if allowed) and sends crafted events that trigger unintended behavior in event handlers. This could lead to information disclosure, DoS, or potentially even code execution if the handlers are vulnerable.
- Method:
Register malicious listener, then send crafted events - Mitigation:
Input validation on event types,Strict access control - Why High-Risk: Low to medium effort, potentially very high impact.
Attack Tree Path: Exploiting EventBus: EventBus DoS via Listener
Description: The attacker registers a listener that performs expensive operations or intentionally blocks. Then, the attacker floods the EventBus with events, overwhelming the system and causing a DoS.
- Method:
Flood with expensive events - Mitigation:
Rate limiting,Limit listeners,Monitor event processing time - Why High-Risk: Low effort, high impact (DoS).
Attack Tree Path: Exploiting Collection Utilities: Unbounded Collection Growth
Description: The attacker provides input that causes the application to create extremely large or even infinitely growing collections (e.g., using Multimap, Lists, Sets). This leads to memory exhaustion and a DoS.
- Method:
Trigger creation of large/infinite collections (e.g., Multimap) via user input, leading to memory exhaustion - Mitigation:
Input validation,Limit collection size,Use bounded collections where possible - Why High-Risk: Very common vulnerability, low effort, high impact (DoS).
Attack Tree Path: Exploiting common.io Utilities: Path Traversal via Files.asByteSource()
Description: If the application uses Files.asByteSource() with user-supplied file paths without proper validation, the attacker can craft a path (using ".." sequences) to access files outside the intended directory. This can lead to information disclosure or potentially file modification/deletion.
- Method:
If application uses Files.asByteSource() with user-supplied paths without proper validation, craft a path to access files outside the intended directory - Mitigation:
Sanitize file paths,Use whitelisting,Avoid using user input directly - Why High-Risk: Well-known attack, low effort, high impact (information disclosure).
Description: If the application uses ByteStreams.copy() with unbounded input streams (e.g., from a network connection), the attacker can provide a very large input stream, causing the application to consume excessive resources (disk space, memory), leading to a DoS.
- Method:
If application uses ByteStreams.copy() with unbounded input streams, trigger a large copy operation to exhaust resources (disk space, memory) - Mitigation:
Limit input stream size,Use timeouts,Monitor resource usage - Why High-Risk: Low effort, high impact (DoS).