
Java Unvalidated Forwards Use

Description

Detects unvalidated forward() calls in Java/Jakarta servlets. An attacker who controls the destination path can perform unauthorized path traversal or reach restricted resources. The vulnerability occurs when an application forwards a request to a server-side path without first validating that path.

Weakness:

156 - Uncontrolled external site redirect

Category: Deceptive Interactions

Detection Strategy

    Checks if Java/Jakarta Servlet related imports are present (javax.servlet.* or jakarta.servlet.*)

    Identifies RequestDispatcher.forward() method calls in servlet code

    Reports a finding for every forward() call, since the destination path should be validated before forwarding; the reviewer then confirms whether the path is attacker-influenced

Vulnerable code example

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
import java.io.IOException;

public class VulnerableServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response) ...

✅ Secure code example

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
import java.io.IOException;
import java.util.Set;

public class SecureServlet extends HttpServlet {...
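A complete allowlist version of the secure pattern, added here as an illustration and not the rule's own sample code; the class name, the page keys and the view paths are hypothetical. The user supplies only a key, and the servlet maps it to a developer-chosen path.

```java
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;

public class AllowlistForwardServlet extends HttpServlet {

    // Hypothetical allowlist: request parameter value -> fixed server-side path.
    // The user never supplies a path, only a key; every path here is a constant
    // chosen by the developer, so forward() can never be steered elsewhere.
    private static final Map<String, String> FORWARD_TARGETS = Map.of(
            "home", "/WEB-INF/views/home.jsp",
            "profile", "/WEB-INF/views/profile.jsp",
            "help", "/WEB-INF/views/help.jsp");

    /** Returns the fixed path for a known key, or null when the key is not allowlisted. */
    static String resolveTarget(String key) {
        if (key == null) {
            return null;
        }
        return FORWARD_TARGETS.get(key);
    }

    // The pattern this rule flags, shown as a comment only: the destination path
    // is taken straight from the request, so the caller picks what is forwarded to.
    //   request.getRequestDispatcher(request.getParameter("page")).forward(request, response);

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String target = resolveTarget(request.getParameter("page"));
        if (target == null) {
            // Unknown key: refuse rather than forward to whatever was supplied.
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // forward() is still called, so a rule that reports every forward() will
        // still flag this line; the finding can be closed because the path is a
        // constant from the allowlist, not attacker-controlled input.
        RequestDispatcher dispatcher = request.getRequestDispatcher(target);
        dispatcher.forward(request, response);
    }
}
```

Keeping the lookup in a small static method such as resolveTarget makes the validation step easy to unit test in isolation from the servlet container.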