Query module ExposedSystemData

name
Exposure of system data to an unauthorized control sphere
description
Exposing system data or debugging information helps an adversary learn about the system and form an attack plan.
kind
problem
problem.severity
warning
precision
medium
id
cpp/system-data-exposure
tags
security external/cwe/cwe-497

Imports

Environment

Reading from the environment, for example with ‘getenv’.

OutputWrite
cpp

Provides classes and predicates for working with C/C++ code.

Classes

DataOutput

Somewhere data is output.

EnvData

Data originating from the environment.

LogonUser

Data passed into a LogonUser (Windows) function.

PosixPWInfo

Data obtained from a POSIX user/password/group database information call.

PosixSystemInfo

Data obtained from a POSIX system information call.

RegQuery

Data read from the Windows registry.

SQLClientInfo

Data originating from a call to mysql_get_client_info().

SQLConnectInfo

Data passed into an SQL connect function.

SocketOutput

Data that is output via a socket.

StandardOutput

Data that is output via standard output or standard error.

SystemData

An element that should not be exposed to an adversary.

WindowsFolderPath

Data obtained about Windows special paths (for example, the location of System32).

WindowsSystemInfo

Data obtained from a Windows system information call.