XPATH injection threat detected

Rule ID: java_lang_xpath_injection
Languages: java
Source: xpath_injection.yml

Description

Unsanitized input going into XPath evaluate detected. This could lead to xpath injection if variables passed into the evaluate or compile commands are not properly sanitized. Xpath injection could lead to unauthorized access to sensitive information in XML documents. Instead, thoroughly sanitize user input or use parameterized xpath queries if you can.

Remediations

✅ Sanitize XPATH queries

  public class Cls extends HttpServlet
  {

      public void handleRequest(HttpServletRequest request, HttpServletResponse response)
      {
          String userID = request.getParameter("userID");
          String sanitizedUserID = sanitize(userID);

          javax.xml.xpath.XPathFactory xpf = javax.xml.xpath.XPathFactory.newInstance();
          javax.xml.xpath.XPath xp = xpf.newXPath();

          String expression = "/Users/User[@userID='" + sanitizedUserID + "']";
          String result = xp.evaluate(expression, xmlDocument);
      }
  }

References

XPATH Injection

Associated CWE

CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection')

OWASP Top 10

A03:2021 - Injection

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=java_lang_xpath_injection

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=java_lang_xpath_injection

Ready to take the next step? Learn more about Bearer Cloud.