- We define Data Verification Bugs (DVR) as follows:
- Data are verified (semantics check) or corrected (assign value, remove) improperly.
- Fig. 1 depicts DVR causes, attributes and consequences.
Fig 1. Data Verification Bugs (DVR) Class - click on image for detailed view.
-
The DVR operations are: Verify and Correct. They reflect the improper check and modification of data semantics.
| Operation Value | Definition |
|---|---|
| Verify | Check data semantics (proper value/meaning) in order to accept (and possibly correct) or reject it. |
| Correct | Modify data (assign new value, remove), in order to make it accurate. |
- The graph of causes shows that there are two main causes for data verification bugs: Improper Operation and
Improper Data.
- Using not equal to (!=) when comparing to safelist values.
- Using greater than (>) when checking for upper range.
- Permissive safelist or regular expression.
- Incomplete denylist.
| Improper Operation | ||
|---|---|---|
| Value | Definition | Example |
| Missing | The operation is absent. | Missing data sanitization. |
| Erroneous | There is a bug in the implementation of the operation (incl. how it checks against a policy). | |
| Under-Restrictive Policy | Accepts bad data. | |
| Over-Restrictive Policy | Rejects good data. | Over-restrictive denylist or regular expression. |
| Improper Data | |
|---|---|
| Value | Definition |
| Invalid Data | Data with harmed syntax due to sanitization errors. |
- The graph of consequences shows Improper Data for Next Operation as a consequence.
| Improper Data for Next Operation | |
|---|---|
| Value | Definition |
| Invalid Data | Data with harmed syntax due to sanitization errors. |
| Wrong Value | Data with harmed semantics; not accurate value (e.g., outside of a range). |
| Inconsistent Value | Data value is inconsistent with the value of a related data (e.g., inconstancy between the value of a size variable and the actual buffer size). |
| Wrong Type | Data with wrong data type. |
- The attributes of DVR are:
| Name | Value | Definition |
|---|---|---|
| Mechanism | Value | Check data for a specific value (incl. NULL or list of values). |
| Quantity | Check data for a specific measurable value (e.g., size, time, rate, frequency). | |
| Range | Check data are within a (min, max) interval. | |
| Type | Check data type (e.g., int, float, XSD-XML Schema Definition, or specific structure/object). | |
| Other Rules | Check data against other business logic. | |
| Source Code | Codebase | The operation is in programmer’s code – in the application itself. |
| Third Party | The operation is in a third party library. | |
| Standard Library | The operation is in the standard library for a particular programming language. | |
| Language Processor | The operation is in the tool that allows execution or creates executable (compiler, assembler, interpreter). | |
| Execution Space | Local | The bugged code runs in an environment with access control policy with limited (local user) permission. |
| Admin | The bugged code runs in an environment with access control policy with unlimited (admin user) permission. | |
| Bare-Metal | The bugged code runs in an environment with-out privilege control. Usually, the program is the only software running and has total access to the hardware. | |
| State | Entered | Data comes from user interface (e.g., text field). |
| Stored | Data comes from permanent storage (e.g., file, database on a storage device). | |
| In Use | Data comes from volatile storage (e.g., RAM, cache memory). | |
| Transferred | Data comes via network (e.g., connecting analog device or another computer). |
- A site for input/output check bugs is any part of the code that should check and sanitize data syntax or check and correct data semantics.
- Application examples are provided here.