Improper Control of Generation of Code ('Code Injection')

ID

scala.templateinjection.scala_templateinjection_rule_templateinjection

Severity

high

Resource

Templateinjection

Language

Scala

Description

A user who controls the text of a Velocity template can execute arbitrary code on the server. Velocity templates should be treated as scripts, not as data.

Rationale

Velocity is not a plain placeholder language. A template can contain directives (#set, #foreach, #if) and reference expressions that call methods on any object placed in the context and on whatever those methods return, so a template from an untrusted source is as dangerous as letting that source hand the server a script. The risk lies not in the values placed in the context but in where the template text itself comes from: if a file, request parameter, database row or message body that an outside party can write becomes the template, that party decides what the server executes.

The following code illustrates a vulnerable pattern detected by this rule:

import java.io.{FileInputStream, StringWriter}
import org.apache.velocity.VelocityContext
import org.apache.velocity.app.Velocity
import scala.io.Source

object VulnerableReport {
  def render(inputFile: String): Unit = {
    Velocity.init()
    val context = new VelocityContext
    context.put("author", "Elliot A.")
    context.put("address", "217 E Broadway")
    context.put("phone", "555-1337")
    // The template source is read from a caller-supplied file, so whoever controls
    // that file controls the template, and therefore what Velocity executes.
    val file = new FileInputStream(inputFile)
    val templateSource = Source.fromInputStream(file).mkString
    //Evaluate
    val swOut = new StringWriter
    // VULNERABLE: Improper Control of Generation of Code ('Code Injection')
    Velocity.evaluate(context, swOut, "test", templateSource)
    val result = swOut.getBuffer.toString
    System.out.println(result)
  }
}

Remediation

Never build a template from data an untrusted party controls (request parameters, uploaded files, database rows, message bodies). Keep template text in the application's own sources or resources and pass user-supplied values into the template only through the VelocityContext, where Velocity substitutes them as data rather than parsing them as directives. As defense in depth, configure the engine with org.apache.velocity.util.introspection.SecureUberspector (the runtime.introspector.uberspect property), which refuses reflective access from templates to a restricted list of classes such as ClassLoader, Runtime, System and Thread; this narrows what a hostile template can reach but does not make evaluating untrusted template text safe.
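The hardened counterpart of the vulnerable snippet above, written here as an added example rather than code from the original rule page. It assumes the Apache Velocity engine (org.apache.velocity:velocity-engine-core) is on the classpath; the SafeReport object, its render method and the sample values are illustrative names chosen for this example.

```scala
import java.io.StringWriter
import org.apache.velocity.VelocityContext
import org.apache.velocity.app.VelocityEngine

object SafeReport {
  // The template text is a constant owned by the application. Nothing an
  // outside party supplies is ever concatenated into it.
  private val ContactTemplate: String =
    """Author:  $author
      |Address: $address
      |Phone:   $phone
      |""".stripMargin

  private val engine: VelocityEngine = {
    val e = new VelocityEngine
    // Defense in depth only: SecureUberspector refuses reflective access from
    // templates to a restricted class list (ClassLoader, Runtime, System, Thread
    // and others). It does not make evaluating untrusted template text safe.
    e.setProperty(
      "runtime.introspector.uberspect",
      "org.apache.velocity.util.introspection.SecureUberspector")
    e.init()
    e
  }

  // Untrusted values enter only through the context. Velocity substitutes a
  // reference's value verbatim; it does not parse that value for directives.
  def render(author: String, address: String, phone: String): String = {
    val context = new VelocityContext
    context.put("author", author)
    context.put("address", address)
    context.put("phone", phone)
    val out = new StringWriter
    engine.evaluate(context, out, "contact", ContactTemplate)
    out.toString
  }

  def main(args: Array[String]): Unit = {
    // Constructed input: directive-looking text in a context value comes out as
    // literal characters because it never became part of the template source.
    println(render("Elliot A.", "#set($x = 1) $x", "555-1337"))
  }
}
```

The difference from the flagged code is where the template text comes from: the constant belongs to the application, while everything a caller can influence is confined to context values. Running the example prints the address line exactly as supplied, directive syntax included, which is the behaviour the detector wants to see.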

Configuration

This detector does not need any configuration.

References