CWE-501 Trust Boundary Violation
Coverage: 5 rules in the SiteShadow rule registry target this CWE (registry v2.0.0). Regex 5 Also: Taint and heuristic analyzers may also detect related flows (see coverage for the authoritative list) Registry tagging shows intent, for sample-level behaviour and benchmarked gaps see known gaps.
What this means
SiteShadow flagged data crossing a trust boundary without validation. "Trust boundary" means moving from an untrusted domain (client, webhook, third-party, env) into trusted logic (authz, pricing, filesystem, admin actions).
Why it matters
Trust boundary violations allow unsafe data to influence privileged logic.
- Business logic abuse (client controls price/status).
- Authorization bypass (client controls
isAdmin,userId,role). - Injection chains when untrusted strings reach interpreters (SQL/shell/HTML).
Safer examples
1) Validate at the boundary (schema + allowlists)
Validate request bodies, query params, headers, and webhook payloads as they enter the system.
2) Recompute sensitive values server-side
Treat client input as suggestions; compute pricing/state transitions on the server (see B01 / API01).
3) Add defense-in-depth controls
Rate limits, authz policies, and safe-by-default APIs reduce impact if one boundary check fails.
How SiteShadow detects it (high level)
- Looks for untrusted sources influencing sensitive decisions (auth, permissions, pricing, filesystem, execution).
- Flags missing validation/allowlists around boundary-crossing data flows.
References
- CWE-501: https://cwe.mitre.org/data/definitions/501.html
---
← Back to Vulnerability Library
Catch this with SiteShadow Pro.
This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.