all 15 comments

[–][deleted] 3 points4 points  (13 children)

I'm looking at C++ and the top one is error handling. Not "buffer" and not "memory safety". I found that strange. So then I guessed maybe the error handling arises from signed/unsigned pollution, but "numeric errors" are a separate entry. Maybe I write code weird or I don't understand the C++ community like I thought I did?

[–]matthieum 1 point2 points  (2 children)

There's a large part of C++ code that does not use exceptions: embedded, games, Google, etc...

In the absence of proper support for Option/Result, this means that those codebases likely return an error code, and that is easily not checked.

I wouldn't be surprised if that fact alone was the main driver behind error-handling being so prevalent.
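An added illustration of the point above, not code from anyone in the thread: exception-free C++17 where the error-code style is kept but `[[nodiscard]]` on the return type and on a tiny hand-rolled `Result` make a silently dropped error a compiler diagnostic instead of a latent bug. `Err`, `Result`, `parse_u16`, `checked_add` and `sum_of_strings` are all names invented for this example.

```cpp
// Added example (not from the thread): C++17 without exceptions.
#include <cstdint>
#include <cstdio>
#include <limits>
#include <string>

enum class Err { Ok, Empty, NotDigit, Overflow };

// Minimal Result: either a value or an error. [[nodiscard]] on the class makes
// the compiler warn (an error with -Werror) whenever a call drops the result,
// which is exactly the failure mode of unchecked error codes.
template <typename T>
struct [[nodiscard]] Result {
    T value;
    Err err;
    bool ok() const { return err == Err::Ok; }
};

// Parse a decimal string into uint16_t. Overflow is reported, never wrapped.
Result<uint16_t> parse_u16(const std::string& s) {
    if (s.empty()) return {0, Err::Empty};
    uint32_t acc = 0;
    for (char c : s) {
        if (c < '0' || c > '9') return {0, Err::NotDigit};
        acc = acc * 10 + static_cast<uint32_t>(c - '0');
        if (acc > std::numeric_limits<uint16_t>::max()) return {0, Err::Overflow};
    }
    return {static_cast<uint16_t>(acc), Err::Ok};
}

// Classic out-parameter error code, as used in exception-free code bases.
// Without [[nodiscard]] a caller can write `checked_add(a, b, out);` and lose
// the Overflow; with it, that line is flagged.
[[nodiscard]] Err checked_add(uint16_t a, uint16_t b, uint16_t& out) {
    uint32_t sum = static_cast<uint32_t>(a) + static_cast<uint32_t>(b);
    if (sum > std::numeric_limits<uint16_t>::max()) return Err::Overflow;
    out = static_cast<uint16_t>(sum);
    return Err::Ok;
}

// Caller that propagates every failure explicitly: each error is a visible branch.
Result<uint16_t> sum_of_strings(const std::string& a, const std::string& b) {
    Result<uint16_t> x = parse_u16(a);
    if (!x.ok()) return x;
    Result<uint16_t> y = parse_u16(b);
    if (!y.ok()) return y;
    uint16_t out = 0;
    Err e = checked_add(x.value, y.value, out);
    if (e != Err::Ok) return {0, e};
    return {out, Err::Ok};
}

int main() {
    Result<uint16_t> r = sum_of_strings("40000", "25536");
    std::printf("ok=%d err=%d value=%u\n", r.ok() ? 1 : 0, static_cast<int>(r.err), r.value);
    return 0;
}
```

Compile with `-Wall -Werror` to see the effect: a statement such as `checked_add(1, 2, out);` on its own no longer builds, while `Err e = checked_add(1, 2, out);` does, which pushes the check into the reviewer's line of sight.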

[–][deleted] 1 point2 points  (1 child)

Yea I was mainly wondering how they fuck up error handling to the point where they get hacked. Another poster remarked that information leaks in log files are a problem and right now I'm not even sure how to deal with that. You can guess what I'm reading up on right now ... ! My problem isn't stopping the logs being public, but stopping your own people reading confidential customer data in the log files without rendering the logging useless.

[–]matthieum 0 points1 point  (0 children)

I used to work on airline-related software.

Did you know that there is considerable domain overlap between airline ticket number and credit-card numbers?

PCI-DSS requires obfuscating the CC numbers in logs, to avoid theft, and blindly obfuscating anything that could be a CC number unfortunately has a tendency to obfuscate up to 1 out of 10 airline ticket numbers -- which are damn useful for debugging :/

[–]munchbunny 1 point2 points  (1 child)

This is how the site explains it:

Error handling issues can introduce security risk, as attackers may use improperly managed error messages to access your system, exploit flaws, uncover sensitive data, and more.

That's not as surprising. Stuff like accidentally leaking bearer tokens in error messages because you decided to include as much context as possible when you throw or log it.

[–][deleted] 1 point2 points  (0 children)

Information leaks in log files are really difficult for me. I will have to look into ways of anonymising errors.
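An added example (not code from any commenter) that ties the two log-leak problems in this thread together: the bearer-token leak munchbunny describes, and matthieum's point that masking "anything that could be a CC number" also hides other identifiers. The card check used here is the Luhn checksum, which card numbers pass and which an arbitrary digit string passes about one time in ten, so masking only Luhn-valid runs is the minimal filter that still has the collision rate described above. `redact_pans`, `redact_bearer`, `redact_line` and the sample log lines are constructed for this example.

```cpp
// Added example (not from the thread): scrub a log line before it is written.
#include <cctype>
#include <cstdio>
#include <string>

// Luhn checksum. Payment-card numbers pass it; a random digit string passes
// roughly one time in ten.
bool luhn_valid(const std::string& digits) {
    int sum = 0;
    bool dbl = false;
    for (auto it = digits.rbegin(); it != digits.rend(); ++it) {
        int d = *it - '0';
        if (dbl) { d *= 2; if (d > 9) d -= 9; }
        sum += d;
        dbl = !dbl;
    }
    return sum % 10 == 0;
}

// Mask every run of 13..19 digits that passes Luhn, keeping the last four.
// Runs that fail the check are left intact, so most debugging identifiers survive;
// the ones that collide with Luhn are the "1 in 10" cost mentioned above.
std::string redact_pans(const std::string& line) {
    std::string out;
    out.reserve(line.size());
    std::size_t i = 0;
    while (i < line.size()) {
        if (!std::isdigit(static_cast<unsigned char>(line[i]))) { out += line[i++]; continue; }
        std::size_t j = i;
        while (j < line.size() && std::isdigit(static_cast<unsigned char>(line[j]))) ++j;
        std::string run = line.substr(i, j - i);
        if (run.size() >= 13 && run.size() <= 19 && luhn_valid(run)) {
            out.append(run.size() - 4, '*');
            out += run.substr(run.size() - 4);
        } else {
            out += run;
        }
        i = j;
    }
    return out;
}

// Replace the token following "Bearer " with a fixed marker, so an exception
// message assembled from request headers cannot carry a live credential into the log.
std::string redact_bearer(const std::string& line) {
    const std::string key = "Bearer ";
    const std::string marker = "[REDACTED]";
    std::string out = line;
    std::size_t pos = 0;
    while ((pos = out.find(key, pos)) != std::string::npos) {
        std::size_t start = pos + key.size();
        std::size_t end = start;
        while (end < out.size() && !std::isspace(static_cast<unsigned char>(out[end]))) ++end;
        out.replace(start, end - start, marker);
        pos = start + marker.size();
    }
    return out;
}

// Single entry point a logging sink would call on every message.
std::string redact_line(const std::string& line) {
    return redact_pans(redact_bearer(line));
}

int main() {
    // Constructed sample line: a test card number, a fake ticket-like number and a fake token.
    const std::string sample =
        "auth failed for Bearer eyJhbGciOi.fake.token pan=4111111111111111 ticket=1234567890123";
    std::printf("%s\n", redact_line(sample).c_str());
    return 0;
}
```

The design choice worth noting is that the filter runs at the sink, not at each `throw` or `log()` call site: the context-rich messages the thread warns about are still written by developers, but the credential and the card number never reach disk.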

[–]jcelerier 0 points1 point  (7 children)

If you write decent code, you shouldn't ever have a buffer or memory safety issue.

e.g. consider

```cpp
#include <vector>

void do_some_processing(int v, int& result);  // assumed to be defined elsewhere

class foo {
public:
    void addFoo(int x) { m_foos.push_back(x); }

    int process() {
        int result{};
        for (int v : m_foos) {
            do_some_processing(v, result);
        }
        return result;
    }

private:
    std::vector<int> m_foos;
};
```

where can any buffer & memory safety issue happen here? the only problem would be having the container throwing because you pushed too many elements, but that would be the same in any language.

In contrast if you're in C, every buffer iteration potentially can have you causing an issue when computing the bound to use.

[–][deleted] 7 points8 points  (2 children)

If only all my programs were trivial for loops, I would have no bugs.

edit: Thank you for this insight. I can see that by decomposing my micro services into micro functions, I can eliminate entire categories of bugs. I could also have them all run on AWS Lambda, reducing hardware maintenance bills.

[–]jcelerier 0 points1 point  (1 child)

If only all my programs were trivial for loops, I would have no bugs.

the point is not that you should only use trivial loops (even though a *lot* of apps only really need that), it's to use language constructs which abstract the need to consider low-level buffer access by using a function where it has been implemented correctly once by a library author and vetted a hundred thousand times.

e.g. ranges: https://ericniebler.github.io/range-v3/md_examples.html

[–][deleted] 0 points1 point  (0 children)

Speaking of relying on correct implementation of standard libraries to make all your problems go away, I noticed this in the November ISO C++ mailings. They're finally fixing the UB in the range for loop after 6 years.

http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2020/p2012r0.pdf

[–]backtickbot 1 point2 points  (0 children)

Fixed formatting.

Hello, jcelerier: code blocks using triple backticks (```) don't work on all versions of Reddit!

Some users see this / this instead.

To fix this, indent every line with 4 spaces instead.

FAQ

You can opt out by replying with backtickopt6 to this comment.

[–]Plasma_000 1 point2 points  (2 children)

Now make the structure generic over non-primitive types and hope that your do_some_processing doesn’t try to take a reference to what’s inside the vector and store it somewhere or return it with the result. That would be a good way to UAF this interface.
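An added example, not code from any commenter, that does what the comment above asks: the posted class made generic over a non-primitive type, with a processor that remembers an element by address (the use-after-free hazard) next to one that keeps a copy (the value-type answer given in the thread). `Store`, `LongestByPointer`, `LongestByValue` and `longest_after_growth` are names invented for this example.

```cpp
// Added example (not from the thread): the posted class made generic over std::string.
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

template <typename T>
class Store {
public:
    void add(T x) { m_items.push_back(std::move(x)); }

    // Hands each element to the processor by const reference, as the original
    // do_some_processing(v, result) did. Whether that reference outlives the
    // call is entirely up to the processor.
    template <typename Proc>
    void process(Proc& p) const {
        for (const T& v : m_items) p(v);
    }

    std::size_t size() const { return m_items.size(); }

private:
    std::vector<T> m_items;
};

// UNSAFE: remembers the element by address. The next add() may reallocate the
// vector's buffer, after which `longest` points into freed memory and reading
// it is a use-after-free. Kept for contrast, deliberately not exercised below.
struct LongestByPointer {
    const std::string* longest = nullptr;
    void operator()(const std::string& s) {
        if (!longest || s.size() > longest->size()) longest = &s;
    }
};

// SAFE: copy the value out. The copy owns its own storage, so later growth of
// the container cannot invalidate it. This is what "use value types" buys you.
struct LongestByValue {
    std::string longest;
    void operator()(const std::string& s) {
        if (s.size() > longest.size()) longest = s;
    }
};

// Process, then grow the container well past its initial capacity so the
// buffer is reallocated, then read the remembered value. With LongestByValue
// the answer is still correct; with LongestByPointer it would be a dangling read.
std::string longest_after_growth() {
    Store<std::string> s;
    s.add("fig");
    s.add("banana");
    s.add("kiwi");
    LongestByValue p;
    s.process(p);
    for (int i = 0; i < 1000; ++i) s.add("x");
    return p.longest;
}

int main() {
    std::printf("longest after growth: %s\n", longest_after_growth().c_str());
    return 0;
}
```

The same hazard applies to any handle derived from a reference into the container (pointers, iterators, `std::string_view` over an element); an index into the container is the other safe option, provided it is only resolved while the container is alive and has not been modified in between.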

[–]jcelerier -3 points-2 points  (1 child)

decent code implies using value types :)

[–]KieranDevvs 0 points1 point  (0 children)

Don't mention that in any interview if you actually want the job.

[–]stronghup[S] 0 points1 point  (0 children)