Kotlin Spring Resource Injection
Description
A Spring Resource Injection vulnerability occurs when user-controlled input can influence the file or resource paths accessed by Spring controllers, potentially allowing attackers to read or write files or resources on the server that they are not authorized to reach. If such input is not properly validated, this can lead to information disclosure or denial of service.
Detection Strategy
• Check if the application uses the Spring framework by looking for controller-related imports and annotations such as @Controller and @RestController
• Identify controller methods that perform resource access operations like file reads/writes
• Analyze if resource paths or names can be influenced by external input without proper validation
• Report when potentially dangerous resource access patterns are found in Spring controller endpoints
Vulnerable code example
package com.example.demo
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.PathVariable
import org.springframework.web.bind.annotation.RestController
@RestController
class ResourceController {...

✅ Secure code example
package com.example.demo
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.PathVariable
import org.springframework.web.bind.annotation.RestController
@RestController
class ResourceController {...
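The page's own examples are truncated above, so the following is an added illustration (not Fluid Attacks' code): a controller that builds a file path straight from a path variable, beside a hardened version that allowlists the name, normalizes the resolved path and confirms it still lies inside the intended directory. BASE_DIR, the controller names, the routes and the allowlist pattern are assumptions of this example.

```kotlin
package com.example.demo

import org.springframework.http.HttpStatus
import org.springframework.http.ResponseEntity
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.PathVariable
import org.springframework.web.bind.annotation.RestController
import org.springframework.web.server.ResponseStatusException
import java.nio.file.Files
import java.nio.file.Path
import java.nio.file.Paths

// Hypothetical directory of files the application intends to serve (assumption).
private val BASE_DIR: Path = Paths.get("/var/app/public").toAbsolutePath().normalize()

@RestController
class VulnerableResourceController {
    // Vulnerable: the client-supplied name is resolved into the path unchecked,
    // so the request decides which file is read. This is the pattern the
    // detection strategy above looks for in controller endpoints.
    @GetMapping("/vuln/files/{name}")
    fun read(@PathVariable("name") name: String): String =
        Files.readString(BASE_DIR.resolve(name))
}

@RestController
class SecureResourceController {
    // Allowlist for a bare file name: no path separators, bounded length.
    private val safeName = Regex("^[A-Za-z0-9._-]{1,64}$")

    @GetMapping("/files/{name}")
    fun read(@PathVariable("name") name: String): ResponseEntity<String> {
        // 1. Reject anything that is not a plain file name ("." and ".." pass the
        //    regex, so they are excluded explicitly).
        if (!safeName.matches(name) || name == "." || name == "..") {
            throw ResponseStatusException(HttpStatus.BAD_REQUEST, "invalid resource name")
        }
        // 2. Resolve, normalize, and verify the result is still under BASE_DIR and
        //    is a regular file (defence in depth behind the allowlist).
        val target = BASE_DIR.resolve(name).normalize()
        if (!target.startsWith(BASE_DIR) || !Files.isRegularFile(target)) {
            throw ResponseStatusException(HttpStatus.NOT_FOUND, "resource not found")
        }
        return ResponseEntity.ok(Files.readString(target))
    }
}
```

The containment check on the normalized path is what makes the secure variant robust even if the allowlist is later relaxed; reviewers should expect both controls, not just one.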