CWE-807 Reliance on Untrusted Inputs in a Security Decision
Coverage: 5 rules in the SiteShadow rule registry target this CWE (registry v2.0.0). Regex 5 Also: Taint and heuristic analyzers may also detect related flows (see coverage for the authoritative list) Registry tagging shows intent, for sample-level behaviour and benchmarked gaps see known gaps.
What this means
SiteShadow flagged a security decision being made using untrusted input (client-provided fields, headers, query params) without verification.
Why it matters
Trusting unverified input can enable bypasses and escalation.
- Authz bypass when "who are you?" or "are you admin?" comes from the client.
- Business logic abuse when decisions depend on client-sent totals, prices, or states.
- Often a root cause behind multiple higher-level issues (see
CWE-501/B01).
Safer examples
1) Verify identity and roles server-side
Use server-validated sessions/tokens and load roles/permissions from the server.
2) Validate and allowlist inputs
Validate at the boundary and reject unexpected shapes (see CWE-20).
3) Recompute sensitive values server-side
Don't trust client totals/prices/state; recompute or verify with signatures (see A11).
How SiteShadow detects it (high level)
- Identifies security decisions (auth, permissions, state) and checks whether the deciding values originate from untrusted sources.
- Flags missing verification/normalization around those values.
References
- CWE-807: https://cwe.mitre.org/data/definitions/807.html
---
← Back to Vulnerability Library
Catch this with SiteShadow Pro.
This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.