1. Home
  2. CWE Database
  3. CWE-1173
Base · Medium

CWE-1173: Improper Use of Validation Framework

The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.

CWE-1173 · Base Level ·1 Mitigations

Description

The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.

Many modern coding languages provide developers with input validation frameworks to make the task of input validation easier and less error-prone. These frameworks will automatically check all input against specified criteria and direct execution to error handlers when invalid input is received. The improper use (i.e., an incorrect implementation or missing altogether) of these frameworks is not directly exploitable, but can lead to an exploitable condition if proper input validation is not performed later in the product. Not using provided input validation frameworks can also hurt the maintainability of code as future developers may not recognize the downstream input validation being used in the place of the validation framework.

Potential Impact

Integrity

Unexpected State

Mitigations & Prevention

Implementation

Properly use provided input validation frameworks.

Detection Methods

  • Automated Static Analysis — Some instances of improper input validation can be detected using automated static analysis. A static analysis tool might allow the user to specify which application-specific methods or functions perform input validation; the tool might also have built-in knowledge of validation

CWE-20: Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the ...

Frequently Asked Questions

What is CWE-1173?

CWE-1173 (Improper Use of Validation Framework) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.

How can CWE-1173 be exploited?

Attackers can exploit CWE-1173 (Improper Use of Validation Framework) to unexpected state. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.

How do I prevent CWE-1173?

Key mitigations include: Properly use provided input validation frameworks.

What is the severity of CWE-1173?

CWE-1173 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.