CWE-829 Inclusion of Functionality from Untrusted Control Sphere
What this means
SiteShadow flagged code or dependencies being pulled from an untrusted control sphere (untrusted registries, unchecked remote includes, dynamic plugin loading, downloading and executing code at runtime).
Why it matters
Untrusted sources can introduce malicious functionality.
- Supply-chain compromise: attackers swap or poison dependencies/plugins and run code inside your app.
- Persistent backdoors: malicious code ships to users/production and is hard to notice.
- Credential theft/data exfiltration: compromised dependencies often target tokens and secrets.
Safer examples
1) Pin and verify dependencies
Use lockfiles, checksums/signatures where supported, and controlled registries (see A08 / SBOM01).
2) Don't download-and-execute at runtime
Avoid "fetch plugin code from URL" patterns. If you need extensibility, ship vetted plugins or use server-side allowlisted modules.
3) Restrict plugin/module loading
Allowlist module names and load only from a trusted, read-only directory.
How SiteShadow detects it (high level)
- Detects dynamic code loading (remote includes, downloads, eval-like execution, plugin loading) and checks whether the source is untrusted.
- Flags missing integrity checks (pins, hashes, signatures) around dependency acquisition.
References
- CWE-829: https://cwe.mitre.org/data/definitions/829.html
---