
Scala Unsafe Xquery Injection

Description

Detects potential XQuery injection vulnerabilities in Scala code where untrusted data is used in XQuery operations without proper sanitization. This can allow attackers to manipulate the XML queries the application issues and potentially read or modify data they are not authorized to access.

Weakness:

297 - SQL injection - Code

Category: Unexpected Injection

Detection Strategy

    Check if code imports javax.xml.xquery package

    Identify calls to executeQuery method

    Verify if the query parameters are directly using external/untrusted input without sanitization

    Report vulnerability when executeQuery is called with unsanitized parameters
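The four steps above, written out as a small Python checker (an added example, not part of this page or of any scanner's own code). It runs over three constructed Scala snippets modelled on this page's vulnerable and secure examples, flags executeQuery calls whose argument concatenates or interpolates a function parameter into the query text, and treats an argument-less executeQuery on a prepared expression as the bound-variable pattern. The snippet bodies, conn and the query strings are assumptions.

```python
import re
# Constructed Scala snippets modelled on this page's two examples (not the page's own code).
VULNERABLE = '''import javax.xml.xquery._
def searchUser(username: String): Unit = {
  val query = "//user[name = '" + username + "']"
  val result = conn.createExpression().executeQuery(query)
}'''
INTERPOLATED = '''import javax.xml.xquery._
def findUser(username: String): Unit =
  conn.createExpression().executeQuery(s"//user[name = '$username']")'''
SECURE = '''import javax.xml.xquery._
import javax.xml.namespace.QName
def searchUser(username: String): Unit = {
  val expr = conn.prepareExpression("declare variable $username external; //user[name = $username]")
  expr.bindString(new QName("username"), username, null)
  val result = expr.executeQuery()
}'''
IMPORT_RE = re.compile(r'^\s*import\s+javax\.xml\.xquery', re.M)
DEF_RE = re.compile(r'\bdef\s+\w+\s*\(([^)]*)\)')
CALL_RE = re.compile(r'\.executeQuery\(\s*([^)]*)\)')  # heuristic: no nested parentheses
LITERAL_RE = re.compile(r'"(?:\\.|[^"\\])*"')

def _untrusted_names(source):
    # Step 3: every function parameter is treated as external, untrusted input.
    names = set()
    for m in DEF_RE.finditer(source):
        names.update(p.split(':')[0].strip() for p in m.group(1).split(',') if ':' in p)
    return names

def _is_tainted(expr, names, source):
    if re.fullmatch(r'\w+', expr):  # resolve a bare identifier to its `val` one level deep
        m = re.search(r'\bval\s+' + re.escape(expr) + r'\s*=\s*(.+)', source)
        if not m:
            return False
        expr = m.group(1)
    if re.search(r'(?<!\w)s"', expr):  # s-interpolation: $name embedded in the literal
        return any(re.search(r'\$\{?' + re.escape(n) + r'\b', expr) for n in names)
    code = LITERAL_RE.sub('""', expr)  # concatenation: a parameter appears outside literals
    return any(re.search(r'\b' + re.escape(n) + r'\b', code) for n in names)

def find_xquery_injections(source):
    # Returns (line, argument) for each executeQuery call fed by unsanitized input.
    if not IMPORT_RE.search(source):  # step 1: javax.xml.xquery must be imported
        return []
    names, findings = _untrusted_names(source), []
    for m in CALL_RE.finditer(source):  # step 2: locate executeQuery calls
        arg = m.group(1).strip()
        if arg and _is_tainted(arg, names, source):  # empty arg: prepared expression, bound values
            findings.append((source.count('\n', 0, m.start()) + 1, arg))
    return findings  # step 4: report each unsanitized call
```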

Vulnerable code example

import javax.xml.xquery._
import net.xqj.basex.BaseXXQDataSource

val dataSource = new BaseXXQDataSource()
val conn = dataSource.getConnection()

def searchUser(username: String): Unit = {
  // VULNERABLE: Direct string concatenation of user input into XQuery
  // (the query text and users.xml are assumed; the original listing is truncated here)
  val query = "for $u in doc(\"users.xml\")//user where $u/name = '" + username + "' return $u"
  val expr = conn.createExpression()
  val result = expr.executeQuery(query)
  while (result.next()) println(result.getItemAsString(null))
}

✅ Secure code example

import javax.xml.xquery._
import javax.xml.namespace.QName
import net.xqj.basex.BaseXXQDataSource

val dataSource = new BaseXXQDataSource()
val conn = dataSource.getConnection()

def searchUser(username: String): Unit = {
  // SECURE: the query text is fixed and the user input is bound as an external variable
  // (the query text and users.xml are assumed; the original listing is truncated here)
  val expr = conn.prepareExpression(
    "declare variable $username external; " +
    "for $u in doc(\"users.xml\")//user where $u/name = $username return $u")
  expr.bindString(new QName("username"), username, null)
  val result = expr.executeQuery()
  while (result.next()) println(result.getItemAsString(null))
}