20 years ago I joined the Visual C++ team. Across the floor was an office with a wooden plate on the desk.
The plate said (more or less) "Why are you doing what you are doing?"
Herb Sutter sat at that desk.
Interesting article to read (slowly) and digest.
CTF 6 revealed, and the main key takeaway from our secure coding journey is: READ THE FREAKING MANUAL!!!! Seriously, whenever you're using a library for any task, take the time to read the manual and understand what kinds of risks could arise from utilizing its various options, especially when user input is involved. In this particular case, the ability to change the library options using user input slipped through the cracks.
More takeaways:
👉 Avoid creation of template strings from user input:
Always preset templates on the server and feed arguments under strict control and sanitization of user inputs. Some apps may require more flexibility, so if there's absolutely no way around it, the user-input template should be strictly sanitized and we need to make sure that the user doesn't have control over any extended or more powerful than intended options. Always remember that a template engine might have such loopholes or powerful intended behaviors by the nature of its designed purpose.
👉 Attackers don't necessarily need access to the code to identify SSTI vulns:
Experienced attackers can fairly easily map code which is using a template engine. Then based on the type of template engine, they already have the risks mapped and could effectively exploit them.
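The first takeaway above (preset the template on the server, feed user input only as an argument) in code. This is an added example, not code from the post or from any real template engine: the tiny `render` function is a toy engine constructed for the illustration, and its `{{@config:key}}` directive is a hypothetical stand-in for the kind of extended, more powerful option a real engine ships with. `kServerConfig` and its values are constructed data.

```cpp
#include <map>
#include <string>

// Constructed server-side configuration; stands in for the data a template
// engine's extended directives can reach (hypothetical, not any real engine).
static const std::map<std::string, std::string> kServerConfig = {
    {"site_name", "Example Shop"},
    {"db_password", "CONSTRUCTED-SECRET"},
};

// Toy template engine: replaces {{name}} with args[name] and supports one
// "powerful" directive, {{@config:key}}, which reads server configuration.
// Substituted values are copied in verbatim and are never re-scanned, which is
// what makes the hardened variant below safe.
std::string render(const std::string& tmpl,
                   const std::map<std::string, std::string>& args) {
    std::string out;
    std::size_t pos = 0;
    while (pos < tmpl.size()) {
        std::size_t open = tmpl.find("{{", pos);
        if (open == std::string::npos) { out += tmpl.substr(pos); break; }
        std::size_t close = tmpl.find("}}", open + 2);
        if (close == std::string::npos) { out += tmpl.substr(pos); break; }
        out += tmpl.substr(pos, open - pos);
        std::string tag = tmpl.substr(open + 2, close - open - 2);
        if (tag.rfind("@config:", 0) == 0) {          // extended directive
            auto it = kServerConfig.find(tag.substr(8));
            out += (it != kServerConfig.end()) ? it->second : "";
        } else {                                      // plain argument
            auto it = args.find(tag);
            out += (it != args.end()) ? it->second : "";
        }
        pos = close + 2;
    }
    return out;
}

// Vulnerable: the template string itself is assembled from user input, so the
// user decides which directives the engine executes (the SSTI pattern).
std::string greet_vulnerable(const std::string& user_input) {
    return render("Hello " + user_input + "!", {});
}

// Hardened: the template is fixed on the server; user input only ever arrives
// as an argument value and is inserted as data, directives included.
std::string greet_safe(const std::string& user_input) {
    return render("Hello {{name}}!", {{"name", user_input}});
}
```

`greet_safe` needs no blacklist of directive syntax: because the template is preset, whatever the user sends is treated as an opaque value, which is exactly the "feed arguments under strict control" rule from the post.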
Code Wizer!
Fascinating discussion, Henrique Bucher! Safety is paramount, and it's intriguing to delve into the challenges when the C++ standard library seemingly opposes our safety endeavors. Looking forward to more insights and potential solutions from the community. 👏 #cplusplus #safetyfirst #programming
Talking about safety, and what to do when the C++ standard library itself purposely acts against your safety efforts?
===============
A case in point was brought to my attention today: most C++ headers in GCC's libstdc++ and also in Clang's libc++ contain the pragma "system_header", which suppresses all the warnings you rely upon to avoid dangerous situations, like bit narrowing with loss of precision.
===============
In the case below, the compiler will alert for narrowing when it occurs in the user's code, but it will silently drop the alerts when we use std::optional because the narrowing happens inside the system include.
Godbolt for the brave: https://lnkd.in/gXx2FnrM
===============
Talk about double standards? That's the C++ library implementers cutting some huge slack for themselves so they don't get flagged by static analyzers.
===============
When I manually removed the pragma from the optional include file, the number of warnings jumped from five to SEVENTEEN.
===============
And you, fool, turning on -Wall -Wextra -Werror -pedantic, thinking you were safe? We don't need Rust, we just need to fix our mess.
===============
FOLLOW US on Substack for more insights like this: https://lnkd.in/gEQFbMH3
Consulting inquiries: https://www.vitorian.com #cpp #cplusplus #programming
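The situation the post describes, reduced to a compilable example, plus a mitigation that does not depend on compiler warnings at all. This is an added example and not the code behind the Godbolt link; `UserOptional`, `checked_narrow` and `exact_optional_int` are names made up for the illustration. The claim it exercises is the post's own: with `-Wconversion`, GCC and Clang report the double-to-int narrowing in user code but stay silent when the same narrowing happens inside `<optional>`, because that header is marked `system_header`.

```cpp
#include <iostream>
#include <optional>
#include <utility>

// A user-written optional-like wrapper with the same forwarding-constructor
// shape as std::optional. This file carries no system_header pragma, so
// GCC/Clang with -Wconversion report the double -> int narrowing when the
// constructor is instantiated below.
struct UserOptional {
    int value;
    template <class U>
    UserOptional(U&& u) : value(std::forward<U>(u)) {}
};

// The same narrowing through std::optional. The conversion happens inside
// <optional>, which libstdc++/libc++ mark as a system header, so the warning
// is suppressed and the fraction is dropped without any diagnostic.
int truncate_via_std_optional(double d) {
    std::optional<int> o = d;   // 3.7 becomes 3, silently
    return *o;
}

int truncate_via_user_optional(double d) {
    UserOptional o = d;         // same narrowing, but -Wconversion warns here
    return o.value;
}

// Mitigation that does not rely on warnings: convert, convert back, and reject
// the narrowing if anything was lost (the idea behind gsl::narrow). Assumes the
// source value is within the target type's representable range.
template <class To, class From>
bool checked_narrow(From from, To& out) {
    To t = static_cast<To>(from);
    if (static_cast<From>(t) != from) return false;   // magnitude/precision lost
    if ((t < To{}) != (from < From{})) return false;  // sign flipped
    out = t;
    return true;
}

// Build the optional only when the narrowing is exact; otherwise stay empty,
// so the loss is visible to the caller instead of hidden by the library.
std::optional<int> exact_optional_int(double d) {
    int v;
    if (!checked_narrow(d, v)) return std::nullopt;
    return v;
}

int main() {
    std::cout << truncate_via_std_optional(3.7) << '\n';       // 3, no warning
    std::cout << truncate_via_user_optional(3.7) << '\n';      // 3, warned
    std::cout << exact_optional_int(3.7).has_value() << '\n';  // 0
    std::cout << exact_optional_int(42.0).value() << '\n';     // 42
}
```

Compile with `-Wall -Wextra -Wconversion` and compare the diagnostics for the two `truncate_*` functions; the runtime results are identical, which is the whole point: the warning, not the behaviour, is what the pragma takes away. `checked_narrow` is the kind of explicit check to reach for at the boundaries where a warning set cannot be trusted to fire.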
Bjarne Stroustrup’s Plan for Bringing Safety to C++: profiles. (That is, a set of rules which, when followed, achieve specific safety guarantees.) They’d be defined by the ISO C++ standard, addressing common safety issues like pointers and array ranges.
https://lnkd.in/d-d-5f47
Recently the popularity of MSLs (Memory-Safe Languages) like Rust has driven some people away from C++. As an old user and fanboy of C++, I naturally get concerned about the criticism against C++ and believe that if we followed some guidelines strictly, we should be able to achieve similar memory safety with C++ as with some popular MSLs. Here's an interesting and informative article by Herb Sutter, the chair of the ISO C++ Standards Committee, discussing security, safety and the possible changes in C++ that can address these issues.
https://lnkd.in/ghKpBT-5
OWASP Proactive Controls for Developers v3 – Secure Coding Best Practices – 10 Critical Security Areas whose recommendations developers must know and follow https://lnkd.in/dck-57eP
You cannot solve a problem by employing the same mindset (C++) you used to create them.