Template Injection — Severity: High

Potential template injection (server-side template injection, SSTI) vulnerability. User-controlled input is used as the template text itself — the string that is rendered or evaluated — rather than being passed as a value in the template context, and it is not validated or sanitized first. Template engines parse and execute the directives, expressions and method calls embedded in a template, so whoever controls the template source controls what the engine runs inside the application. Untrusted data should only ever be supplied as context values; the template source must come from developer-controlled, trusted locations.

Detector ID
scala/template-injection@v1.0
Category
Common Weakness Enumeration (CWE): CWE-1336 — Improper Neutralization of Special Elements Used in a Template Engine (server-side template injection).

Noncompliant example

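class TemplateInjectionNoncompliant {
  /**
   * Renders a Velocity template whose text is read from a caller-supplied file path
   * and prints the result. This is the vulnerable pattern the detector flags: the
   * template source itself is untrusted.
   *
   * @param inputFile path of the file whose contents are evaluated as the template
   * @throws FileNotFoundException if `inputFile` cannot be opened
   */
  @throws[FileNotFoundException]
  def nonCompliant(inputFile: String): Unit = {
    Velocity.init
    val context = new VelocityContext
    context.put("author", "Elliot A.")
    context.put("address", "217 E Broadway")
    context.put("phone", "555-1337")
    val file = new FileInputStream(inputFile)
    // Read the whole file as the template text; close the stream even if reading fails.
    val templateText =
      try scala.io.Source.fromInputStream(file, "UTF-8").mkString
      finally file.close()
    val swOut = new StringWriter
    // Noncompliant: the template *source* comes from untrusted input. Velocity parses and
    // executes whatever directives and references the file contains (#set, #foreach,
    // method calls on objects reachable from the context), so whoever controls the file
    // controls what runs here. Untrusted data must only be supplied as context values,
    // never as the template itself.
    Velocity.evaluate(context, swOut, "test", templateText)
    val result = swOut.getBuffer.toString
    System.out.println(result)
  }
}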

Compliant example

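class TemplateInjectionCompliant {
  /**
   * Renders a fixed, developer-controlled Pebble template and returns the output.
   *
   * The template source is a constant chosen by the application; `inputFile` is never
   * used to build or select the template, it is only exposed to the template as a plain
   * context value.
   *
   * @param inputFile untrusted caller input; passed to the template as data only
   * @return the rendered template
   * @throws IOException if the template cannot be loaded or evaluated
   */
  @throws[IOException]
  def compliant(inputFile: String): String = {
    val engine = new PebbleEngine.Builder().build
    // Compliant: the template is loaded by a hard-coded name from the application's own
    // resources, so untrusted input cannot contribute template syntax.
    val compiledTemplate: PebbleTemplate = engine.getTemplate("templates/greeting.pebble")
    val context = new HashMap[String, Object]
    context.put("name", "Shivam")
    // Untrusted input belongs in the context: the engine treats it as a value to render,
    // not as template code to execute.
    context.put("requestedFile", inputFile)
    val writer = new StringWriter
    try {
      compiledTemplate.evaluate(writer, context)
    } catch {
      case e: Exception =>
        // Wrap so callers deal with a single declared exception type; keep the cause.
        throw new IOException("Error while evaluating template", e)
    }
    writer.toString
  }
}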