Only Filtering One Instance of a Special Element

Status: Incomplete
Abstraction: Variant
Structure: Simple
Description

This vulnerability occurs when an application processes incoming data but only removes or neutralizes one occurrence of a dangerous element, leaving other identical or similar elements untouched before passing the data along.

Extended Description

Imagine a scenario where user input contains multiple instances of a malicious script tag or a special command character. If the security filter is designed to catch and remove only the first (or last) instance it finds, all subsequent instances will pass through unchanged. This creates a deceptive security gap where the code appears to be sanitizing input but is actually performing an incomplete, single-operation cleanup. This type of flaw is often location-dependent, meaning the filter's effectiveness depends on whether it targets the initial or final element in a sequence. Developers might mistakenly assume their filter runs in a loop or uses a global replacement pattern, but a one-time replacement leaves the door open for attackers who can simply embed multiple harmful elements to bypass the defense.

Common Consequences
Scope: Integrity

Impact: Unexpected State

Demonstrative Examples

ID: DX-2

The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.

Code Example (Bad, Perl):
Since the regular expression does not have the /g global match modifier, it only removes the first instance of "../" it comes across. So an input value such as:

Code Example (Attack):
will have the first "../" stripped, resulting in:

Code Example (Result):
This value is then concatenated with the /home/user/ directory:

Code Example (Result):
which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal.
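The single-match bug in the example above, alongside the two defensive responses it calls for, as an added Python example (not the page's Perl code): `weak_filter` reproduces a first-occurrence-only substitution, `repeated_filter` strips `../` until a pass removes nothing, and `contained_path` ignores input filtering altogether and judges the final joined path against the base directory. The base directory `/home/user` and the `../../../etc/passwd` input follow the page's walkthrough; `posixpath` is used so the path handling is pure string work and runs on any host.

```python
import posixpath
import re
from typing import Optional

BASE_DIR = "/home/user"  # the directory the page's example prepends


def weak_filter(user_input: str) -> str:
    # Same effect as the page's Perl substitution without /g: only the first "../" goes.
    return re.sub(r"\.\./", "", user_input, count=1)


def repeated_filter(user_input: str) -> str:
    # Strip "../" until a pass removes nothing. A single global replace is not
    # enough either: "..././" collapses into a fresh "../" once the inner one is
    # removed, so the loop has to run to a fixpoint.
    current = user_input
    while True:
        stripped = current.replace("../", "")
        if stripped == current:
            return current
        current = stripped


def contained_path(base: str, user_input: str) -> Optional[str]:
    # Join, normalize, then require the result to still sit under base.
    # Returns the canonical path, or None when it escapes base. An absolute
    # user_input is caught too, since posixpath.join lets it replace base outright.
    # The trailing "/" in the prefix check stops "/home/user2" passing as "/home/user".
    candidate = posixpath.normpath(posixpath.join(base, user_input))
    prefix = base.rstrip("/") + "/"
    if candidate == base or candidate.startswith(prefix):
        return candidate
    return None


if __name__ == "__main__":
    # Constructed request matching the page's walkthrough.
    attack = "../../../etc/passwd"
    leftover = weak_filter(attack)  # '../../etc/passwd'
    print("one-shot filter resolves to:",
          posixpath.normpath(posixpath.join(BASE_DIR, leftover)))  # /etc/passwd
    print("repeated filter leaves:", repeated_filter(attack))  # etc/passwd
    print("contained path check:", contained_path(BASE_DIR, attack))  # None
```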

Modes of Introduction

Implementation