Expression injection (OGNL)
Description
An OGNL expression is built from a dynamic value. Verify the source of that value so that unfiltered user input never reaches this code-evaluation path.
Examples
Insecure Code

```scala
def example(userInput: String) = {
  // The raw request value becomes the template string, so any "${...}" or
  // "%{...}" it contains is evaluated as OGNL.
  com.opensymphony.xwork2.util.TextParseUtil.translateVariables(userInput)
}
```

Secure Code

```scala
def example(userInput: String) = {
  // Strip everything outside the allowed character set, so no expression
  // delimiters can survive into the template string.
  val sanitizedInput = userInput.replaceAll("[^a-zA-Z0-9]", "")
  com.opensymphony.xwork2.util.TextParseUtil.translateVariables(sanitizedInput)
}
```

Remediation
Validate and sanitize user input to prevent unfiltered values from being used in the expression evaluation.
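The following is an added example, not part of this rule's own code, showing the two defenses the remediation implies: reject (rather than silently strip) input that does not match the value the endpoint expects or that carries an expression delimiter, and keep the template itself a server-side constant so user data only ever enters as a value on the ValueStack. `OgnlInputGuard`, `SafeTemplate`, the identifier pattern and the stack key `safeName` are assumptions for illustration; the block needs struts2-core (xwork) on the classpath because it calls the real `ActionContext` and `TextParseUtil.translateVariables(String, ValueStack)` APIs.

```scala
import scala.util.matching.Regex

// Added example: treat user input as data, never as the template string handed
// to TextParseUtil. Names and the allowlist below are assumptions.
object OgnlInputGuard {
  // Allowlist for the value this endpoint expects (assumed: a short identifier).
  // Rejecting invalid input keeps the caller informed; stripping would not.
  private val Identifier: Regex = "^[A-Za-z0-9_-]{1,64}$".r

  // Delimiters that TextParseUtil expands into OGNL evaluation.
  private val ExpressionStart: Set[String] = Set("${", "%{")

  def containsExpressionMarker(s: String): Boolean =
    ExpressionStart.exists(marker => s.contains(marker))

  // Left(reason) for rejected input, Right(value) for input safe to use as data.
  def validate(userInput: String): Either[String, String] =
    if (containsExpressionMarker(userInput))
      Left("input contains an OGNL expression delimiter")
    else if (Identifier.findFirstIn(userInput).isEmpty)
      Left("input is not a valid identifier")
    else
      Right(userInput)
}

object SafeTemplate {
  import com.opensymphony.xwork2.ActionContext
  import com.opensymphony.xwork2.util.TextParseUtil

  // The template is a constant chosen by the developer. The user value is
  // placed on the value stack under a fixed key (assumed: "safeName") and
  // referenced from there, so the user string is never parsed as a template.
  private val Template: String = "Hello, ${safeName}"

  def greet(userInput: String): Either[String, String] =
    OgnlInputGuard.validate(userInput).map { value =>
      val stack = ActionContext.getContext().getValueStack()
      stack.set("safeName", value)
      TextParseUtil.translateVariables(Template, stack)
    }
}
```

The allowlist check is the primary control; placing the value on the stack instead of concatenating it into the template is defense in depth, since it keeps the evaluated expression fixed even if a future code path forgets to validate.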
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0049 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-917 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | injection, ognl, struts |
| OWASP | N/A |