Scala Integer Overflow In Spring
Description
This detector identifies potential integer overflow vulnerabilities in Scala Spring applications. An integer overflow occurs when an arithmetic operation produces a result outside the range an integer data type can hold; on the JVM the value silently wraps around rather than raising an error, so a total can become zero or negative without any exception. This can lead to unexpected behavior, security bypasses (for example, a price check passed with a wrapped value), or denial of service.
Detection Strategy
• Scans Scala source code files that import Spring Web annotation libraries (specifically org.springframework.web.bind.annotation package)
• Analyzes execution blocks within Spring-annotated methods (such as @RequestMapping, @GetMapping, @PostMapping endpoints)
• Identifies arithmetic operations or calculations that could potentially overflow integer bounds
• Reports vulnerabilities when integer operations are found that lack proper bounds checking or overflow protection in Spring controller methods
Vulnerable code example
import org.springframework.web.bind.annotation._
@RestController
class OrderController {
@GetMapping("/total")
def total(@RequestParam quantity: String, @RequestParam price: String): String = {
val q = quantity.toInt...
✅ Secure code example
import org.springframework.web.bind.annotation._
@RestController
class OrderController {
@GetMapping("/total")
def total(@RequestParam quantity: String, @RequestParam price: String): String = {
val q = quantity.toInt...
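Because both examples above are truncated on this page, the following added example (written for this page, not Fluid Attacks' own detector code or sample) shows the computation an endpoint like OrderController.total would perform, with the wrapping version next to a checked version. It assumes request parameters arrive as strings, as in the @RequestParam signature above, and is kept free of Spring imports so it compiles with plain scalac (Scala 2.13 or later, for toIntOption); the inputs in main are constructed.

```scala
// Added example: the arithmetic behind a Spring "/total" endpoint, isolated from the framework.
// Assumption: quantity and price come in as request-parameter strings.
object OverflowDemo {

  // Vulnerable form: Int * Int silently wraps past Int.MaxValue (2147483647).
  // Unvalidated input can make the "total" zero or negative with no exception.
  def totalVulnerable(quantity: String, price: String): String = {
    val q = quantity.toInt
    val p = price.toInt
    (q * p).toString
  }

  // Checked multiplication: Math.multiplyExact throws instead of wrapping.
  def checkedMultiply(a: Int, b: Int): Either[String, Int] =
    try Right(Math.multiplyExact(a, b))
    catch { case _: ArithmeticException => Left("total exceeds Int range") }

  // Secure form: parse defensively, enforce business ranges, then multiply with overflow detection.
  // A controller would map Left to an HTTP 400 and Right to the response body.
  def totalSafe(quantity: String, price: String): Either[String, Int] =
    for {
      q <- quantity.toIntOption.toRight("quantity is not an integer")
      p <- price.toIntOption.toRight("price is not an integer")
      _ <- Either.cond(q > 0, (), "quantity must be positive")
      _ <- Either.cond(p >= 0, (), "price must not be negative")
      t <- checkedMultiply(q, p)
    } yield t

  def main(args: Array[String]): Unit = {
    // Constructed inputs. 65536 * 65536 == 2^32, which wraps to exactly 0 in a 32-bit Int;
    // 50000 * 50000 wraps to -1794967296.
    val cases = Seq(("3", "1999"), ("65536", "65536"), ("50000", "50000"), ("-1", "10"))
    for ((q, p) <- cases) {
      println(s"quantity=$q price=$p")
      println(s"  vulnerable total: ${totalVulnerable(q, p)}")
      println(s"  safe total:       ${totalSafe(q, p)}")
    }
  }
}
```

The checked version fails closed: any overflow, unparsable value, or out-of-range quantity yields a Left that the endpoint can turn into a client error, which is the bounds checking and overflow protection the detection strategy above looks for. Widening to Long only moves the wrap point; multiplyExact (or an explicit BigInt computation with a range check) is what actually removes it.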