O121-C2-019500 - The DBMS must check the validity of data inputs.

Information

Invalid user input occurs when a user inserts data or characters into an application's data entry fields and the application is unprepared to process that data. This results in unanticipated application behavior, potentially leading to an application or information system compromise. Invalid user input is one of the primary methods employed when attempting to compromise an application.

All applications need to validate the data users attempt to input to the application for processing. Rules for checking the valid syntax and semantics of information system inputs (e.g., character set, length, numerical range, acceptable values) are in place to verify inputs match specified definitions for format and content. Inputs passed to interpreters are prescreened to prevent the content from being unintentionally interpreted as commands.


This calls for inspection of application source code, which will require collaboration with the application developers. It is recognized that in many cases, the database administrator (DBA) is organizationally separate from the application developers and may have limited, if any, access to source code. Nevertheless, protections of this type are so important to the secure operation of databases that they must not be ignored. At a minimum, the DBA must attempt to obtain assurances from the development organization that this issue has been addressed and must document what has been discovered.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Modify database code to properly validate data before it is put into the database or acted upon by the database.

Modify database to contain field definitions for each field in the database.

Modify database to contain constraints on database columns and tables that require them for data validity.

Review the application schemas implemented on the system. Check the DDL for the tables that are created for the applications to see if constraints have been enabled.

- - - - -
Enabling Constraints Upon Definition
The following CREATE TABLE and ALTER TABLE statements both define and enable integrity constraints:
CREATE TABLE emp (
empno NUMBER(5) CONSTRAINT emp.pk PRIMARY KEY, . . . ) ;
ALTER TABLE emp
ADD CONSTRAINT emp.pk PRIMARY KEY (empno);

An ALTER TABLE statement that defines and attempts to enable an integrity constraint can fail because existing rows of the table violate the integrity constraint. In this case, the statement is rolled back, and the constraint definition is not stored and not enabled.

When enabling a UNIQUE or PRIMARY KEY constraint, an associated index is created.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_12c_V3R2_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-10, CAT|II, CCI|CCI-001310, Rule-ID|SV-220300r961158_rule, STIG-ID|O121-C2-019500, STIG-Legacy|SV-76275, STIG-Legacy|V-61785, Vuln-ID|V-220300

Plugin: OracleDB

Control ID: 79b348211ec2948da863ebd8aa3e237531736317d8e0d174de4b2ec1eaf4f321