Scala Use Unvalidated Forwards
Description
Detects forward() calls in Scala web applications built on the Servlet API where user-controlled input reaches the forward target without validation. Because forward() dispatches the request server-side, inside the same application, an attacker who controls the target can reach resources that were never meant to be served on a direct request, such as JSPs under WEB-INF or servlets that sit behind an authentication filter. The result is access-control bypass and information disclosure.
Detection Strategy
• The application must use the Java/Jakarta Servlet API (imports from javax.servlet or jakarta.servlet)
• Identifies calls to the forward() method of a RequestDispatcher
• Checks whether the path passed to getRequestDispatcher()/forward() originates from user-controlled input (request parameters, headers, cookies, path info)
• Verifies that the input is not validated against an allow-list of known targets, or otherwise sanitized, before use
• Reports a vulnerability when unvalidated user input flows into a forward() call
Vulnerable code example
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class VulnerableForwardServlet extends HttpServlet {
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    String target = request.getParameter("page"); // User-controlled input
    request.getRequestDispatcher(target).forward(request, response); // Vulnerable: unvalidated forward...
  }
}
✅ Secure code example
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Map;
import java.util.HashMap;
public class SecureForwardServlet extends HttpServlet {
// Whitelist of allowed page mappings...
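Since the rule targets Scala code but the page's snippets are Java, here is the same pair written in Scala on javax.servlet. This is an added example, not Fluid Attacks' code; the page keys ("home", "about") and the JSP paths under WEB-INF are assumptions for illustration.

```scala
// Added example (not Fluid Attacks' code): the pattern the rule flags and a
// hardened version, in Scala on javax.servlet. Page keys and JSP paths are
// assumptions for illustration.
import java.io.IOException
import javax.servlet.ServletException
import javax.servlet.http.{HttpServlet, HttpServletRequest, HttpServletResponse}

// Flagged: the "page" parameter flows straight into forward().
// GET /view?page=/WEB-INF/web.xml or ?page=/admin/users forwards to resources
// the container (or an auth filter mapped to REQUEST only) would not serve
// on a direct request.
class VulnerableForwardServlet extends HttpServlet {
  @throws[ServletException]
  @throws[IOException]
  override def doGet(req: HttpServletRequest, resp: HttpServletResponse): Unit = {
    val target = req.getParameter("page")
    req.getRequestDispatcher(target).forward(req, resp)
  }
}

// Not flagged: the user value is only a key into an allow-list, so the path
// handed to forward() is always one of the constants below.
object ForwardTargets {
  val allowed: Map[String, String] = Map(
    "home"  -> "/WEB-INF/views/home.jsp",
    "about" -> "/WEB-INF/views/about.jsp"
  )

  // Returns the fixed target for a user-supplied key, or None if it is not
  // allowed (a null parameter is treated the same as an unknown key).
  def resolve(key: String): Option[String] =
    Option(key).flatMap(allowed.get)
}

class SecureForwardServlet extends HttpServlet {
  @throws[ServletException]
  @throws[IOException]
  override def doGet(req: HttpServletRequest, resp: HttpServletResponse): Unit = {
    ForwardTargets.resolve(req.getParameter("page")) match {
      case Some(path) => req.getRequestDispatcher(path).forward(req, resp)
      case None       => resp.sendError(HttpServletResponse.SC_NOT_FOUND)
    }
  }
}
```

Two points worth keeping in mind when reviewing findings from this rule. First, a deny-list (rejecting strings containing "WEB-INF", "..", and so on) does not clear it: case differences, URL encoding and path normalization by the container make such filters easy to slip past, whereas mapping a key to a constant path means no attacker-controlled bytes ever reach the dispatcher. Second, forward() is not a redirect: the browser URL never changes and the forwarded request is only seen by filters whose mapping includes the FORWARD dispatcher type, so an authentication filter mapped for REQUEST alone is silently skipped.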