Insecure servlet handling (severity: High)

Use of servlet request methods whose return values are user-controlled, concatenated into output or otherwise used without proper validation or sanitization, may expose the application to XSS and injection attacks.

Detector ID
scala/insecure-servlet-handling@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

/** Noncompliant example: echoes request-controlled values into the HTML response
  * without validation or output encoding.
  *
  * `req.getContentType` and `req.getQueryString` are written verbatim inside an HTML
  * comment; a value that contains `-->` terminates the comment and the remainder is
  * rendered as markup (reflected XSS). The `Referer` check only compares a string
  * prefix, and the header values read inside it are discarded.
  *
  * @param req  incoming request; every value read from it is attacker-controlled
  * @param resp response the unencoded values are written to
  */
override protected def nonCompliant(req: HttpServletRequest, resp: HttpServletResponse): Unit = {
  useParameters(req)
  // Noncompliant: request values are written into the response with no encoding.
  val out = resp.getWriter
  out.print("<!--" + req.getContentType + "-->")
  out.print("<!--" + req.getQueryString + "-->")
  // A prefix match on the Referer header is not a trustworthy origin check.
  // Original note read "Should have a higher priority" — presumably meaning this
  // finding should rank above the others; the intent is not clear from the page.
  val referrer = Option(req.getHeader("Referer"))
  if (referrer.exists(_.startsWith("http://company.ca"))) {
    // Header values are read but never used.
    Seq("Host", "User-Agent", "X-Requested-With").foreach(req.getHeader)
  }
}

Compliant example

/** Compliant example: accepts only an alphanumeric `param` value and HTML-encodes it
  * before writing it to the response.
  *
  * Both an allow-list check (the regex) and output encoding (`Encode.forHtml`) are
  * applied; a missing, empty, or non-alphanumeric value is answered with
  * "Invalid input". NOTE(review): the response content type and charset are not set
  * in this snippet — presumably the caller does that; confirm.
  *
  * @param request  incoming request; `param` is the only value read from it
  * @param response response the encoded value or the rejection message is written to
  */
override def compliant(request: HttpServletRequest, response: HttpServletResponse): Unit = {
  val writer = response.getWriter
  // Option(...) maps a null parameter to None, and the regex rejects the empty string,
  // so the null / empty / pattern checks collapse into a single filter.
  val accepted = Option(request.getParameter("param")).filter(_.matches("[a-zA-Z0-9]+"))
  accepted match {
    case Some(raw) =>
      // Compliant: the value is encoded for an HTML context before it is written.
      val sanitizedParam = Encode.forHtml(raw)
      writer.println(s"Sanitized input: $sanitizedParam")
    case None =>
      writer.println("Invalid input")
  }
}