Unsanitized user input in XPath

Description

Unsanitized input flowing into an XPath evaluate call was detected. This can lead to XPath injection if the variables passed into the evaluate or compile calls are not properly sanitized. XPath injection can give an attacker unauthorized access to sensitive information in XML documents. Instead, thoroughly sanitize user input, or use parameterized XPath queries where possible.

Remediations

✅ Sanitize XPath queries

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.xpath.XPathExpressionException;
import org.w3c.dom.Document;

public class Cls extends HttpServlet
{
    private Document xmlDocument; // parsed XML the query runs against (loaded elsewhere)

    public void handleRequest(HttpServletRequest request, HttpServletResponse response)
            throws XPathExpressionException
    {
        String userID = request.getParameter("userID");
        String sanitizedUserID = sanitize(userID); // never place raw input in the expression

        javax.xml.xpath.XPathFactory xpf = javax.xml.xpath.XPathFactory.newInstance();
        javax.xml.xpath.XPath xp = xpf.newXPath();

        String expression = "/Users/User[@userID='" + sanitizedUserID + "']";
        String result = xp.evaluate(expression, xmlDocument);
    }

    // Illustrative sanitizer (the page leaves it undefined): drop the quote characters
    // that would terminate the XPath string literal above
    private String sanitize(String value)
    {
        return value == null ? "" : value.replaceAll("['\"]", "");
    }
}
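The description also recommends parameterized XPath queries. The following is an added example, not Bearer's rule code or this project's own: it shows the concatenated expression the rule flags beside the parameterized alternative built on javax.xml.xpath.XPathVariableResolver, so that user input is bound as a value and never parsed as XPath syntax. The XML document, the class name XPathParamDemo and both helper methods are assumptions constructed for this illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class XPathParamDemo {

    // Constructed sample document (assumption for this example, not from the page)
    private static final String XML =
        "<Users>"
      + "  <User userID=\"alice\"><email>alice@example.com</email></User>"
      + "  <User userID=\"bob\"><email>bob@example.com</email></User>"
      + "</Users>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPE declarations: standard XML parser hygiene, independent of XPath injection
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    /** Pattern the rule flags: the user-controlled value is concatenated into the expression,
     *  so quote characters in the input change the structure of the query. */
    static int countUsersConcatenated(Document doc, String userID) throws XPathExpressionException {
        XPath xp = XPathFactory.newInstance().newXPath();
        String expression = "/Users/User[@userID='" + userID + "']";
        NodeList nodes = (NodeList) xp.evaluate(expression, doc, XPathConstants.NODESET);
        return nodes.getLength();
    }

    /** Parameterized form: the value is supplied through an XPathVariableResolver and compared
     *  as a string, so it can never alter the expression. */
    static int countUsersParameterized(Document doc, String userID) throws XPathExpressionException {
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setXPathVariableResolver(name ->
            "userID".equals(name.getLocalPart()) ? userID : null);
        NodeList nodes = (NodeList) xp.evaluate(
            "/Users/User[@userID=$userID]", doc, XPathConstants.NODESET);
        return nodes.getLength();
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse(XML);
        String benign = "alice";
        String hostile = "' or '1'='1"; // constructed input that closes the quoted literal

        System.out.println("concatenated, benign input : " + countUsersConcatenated(doc, benign));
        System.out.println("concatenated, hostile input: " + countUsersConcatenated(doc, hostile));
        System.out.println("parameterized, benign input : " + countUsersParameterized(doc, benign));
        System.out.println("parameterized, hostile input: " + countUsersParameterized(doc, hostile));
    }
}
```

Run the class with `java XPathParamDemo.java` (JDK 11 or later). With the benign input both methods match the single `alice` record. With the hostile input the concatenated query becomes `/Users/User[@userID='' or '1'='1']`, a predicate that is true for every element, so all users are returned; the parameterized query compares the attribute against the whole string literally and matches nothing. The variable resolver is the check a reviewer looks for when closing this finding, since it removes the need to reason about which characters a sanitizer must strip.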

References

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=java_lang_xpath_injection

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=java_lang_xpath_injection
