Unsanitized user input in code generation
- Rule ID: java_lang_code_injection
- Languages: java
- Source: code_injection.yml
Passing external input to scripting or evaluation functions (for example, a script engine's eval) is bad security practice: it can lead to code injection, where an attacker supplies malicious code that the application then executes with its own privileges, with potentially harmful results.
❌ Never pass raw user input to functions and methods that evaluate or dynamically invoke code
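To make the finding concrete, here is an added example of the pattern this rule targets beside a hardened form. It is not code from the Bearer rule page or the Bearer project; it assumes a JSR-223 script engine registered under the name "JavaScript" is available (Nashorn on JDK 8 to 14, or the GraalJS or Rhino engine on a newer JDK), and the class and method names are illustrative.

```java
import javax.script.Bindings;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;

/**
 * Added example (not Bearer's code): user input concatenated into script source
 * versus user input passed only as data through engine bindings.
 */
public class CodeInjectionExample {

    // VULNERABLE: the request value becomes part of the program text that is evaluated.
    // An input such as  1; java.lang.Runtime.getRuntime().exec("id")  is run as code
    // (on Nashorn, which exposes Java classes to scripts by default).
    static Object vulnerable(ScriptEngine engine, String userExpression) throws ScriptException {
        return engine.eval("var result = " + userExpression + "; result");
    }

    // HARDENED: the script source is a fixed constant under the developer's control;
    // user input enters only as values in the bindings, so it is never parsed as code.
    static final String FIXED_SCRIPT = "quantity * unitPrice";

    static Object hardened(ScriptEngine engine, String quantityInput, String unitPriceInput)
            throws ScriptException {
        // Validate the shape of each value before it goes anywhere near the engine.
        double quantity = parseNumber(quantityInput);
        double unitPrice = parseNumber(unitPriceInput);
        Bindings bindings = engine.createBindings();
        bindings.put("quantity", quantity);
        bindings.put("unitPrice", unitPrice);
        return engine.eval(FIXED_SCRIPT, bindings);
    }

    // Accept only a plain decimal number; anything else is rejected outright.
    private static double parseNumber(String raw) {
        if (raw == null || !raw.matches("-?\\d+(\\.\\d+)?")) {
            throw new IllegalArgumentException("expected a decimal number, got: " + raw);
        }
        return Double.parseDouble(raw);
    }

    public static void main(String[] args) throws ScriptException {
        ScriptEngine engine = new ScriptEngineManager().getEngineByName("JavaScript");
        if (engine == null) {
            System.err.println("No JavaScript ScriptEngine is installed on this JDK");
            return;
        }
        // Constructed attacker input: a harmless-looking expression followed by injected code.
        String malicious = "1; java.lang.System.getProperty('user.name')";

        System.out.println("vulnerable: " + vulnerable(engine, malicious));
        System.out.println("hardened: " + hardened(engine, "3", "19.99"));
        try {
            hardened(engine, malicious, "1");
        } catch (IllegalArgumentException e) {
            System.out.println("hardened rejected input: " + e.getMessage());
        }
    }
}
```

The essential change is not the input validation but the separation of code from data: the evaluated source is a compile-time constant, and the untrusted values reach the engine only through Bindings. If the application genuinely needs user-chosen behaviour, map the input to a fixed allowlist of predefined scripts or operations rather than evaluating it.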
OWASP Top 10
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=java_lang_code_injection
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=java_lang_code_injection