Scala Unsafe Xpath Injection
Description
Detects potential XPath injection vulnerabilities in Scala code where user-controlled input is passed, without sanitization, to the evaluate() methods of javax.xml.xpath. An attacker who controls part of the query text can change the query's structure, which may expose XML data the query was never meant to return or cause denial of service through expensive expressions.
Detection Strategy
• Check if javax.xml.xpath package is imported in the source code
• Identify calls to XPath evaluate() function
• Determine whether the expression argument passed to evaluate() is built from user-controlled or otherwise unsanitized input
• Report a vulnerability when evaluate() is called with untrusted data that has not been validated or bound as an XPath variable
Vulnerable code example
import javax.xml.xpath.XPathFactory
import javax.xml.parsers.DocumentBuilderFactory
class XPathExample {
val xml = "<users><user><name>admin</name></user></users>"
val doc = DocumentBuilderFactory.newInstance()
.newDocumentBuilder()
.parse(new java.io.ByteArrayInputStream(xml.getBytes))...
✅ Secure code example
import javax.xml.xpath.XPathFactory
import javax.xml.parsers.DocumentBuilderFactory
class XPathExample {
val xml = "<users><user><name>admin</name></user></users>"
val doc = DocumentBuilderFactory.newInstance()
.newDocumentBuilder()
.parse(new java.io.ByteArrayInputStream(xml.getBytes))...
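The two fragments above are cut off before the evaluate() call, so the following is an added, self-contained example (not code from the page or from Fluid Attacks) that completes both patterns: an unsafe lookup that interpolates the user-supplied name into the query text, and a safe lookup that keeps the query text constant and binds the value through an XPathVariableResolver. The XML document, the function names findRoleUnsafe/findRoleSafe, and the sample inputs are all constructed for this example.

```scala
import java.io.ByteArrayInputStream
import javax.xml.namespace.QName
import javax.xml.parsers.DocumentBuilderFactory
import javax.xml.xpath.{XPathConstants, XPathFactory, XPathVariableResolver}
import org.w3c.dom.NodeList

object XPathLookup {
  // Constructed sample document (assumption: two users, one privileged).
  val xml: String =
    "<users>" +
      "<user><name>admin</name><role>root</role></user>" +
      "<user><name>alice</name><role>user</role></user>" +
    "</users>"

  val doc = DocumentBuilderFactory.newInstance()
    .newDocumentBuilder()
    .parse(new ByteArrayInputStream(xml.getBytes("UTF-8")))

  // VULNERABLE: the caller-supplied name becomes part of the query text,
  // so a value containing a quote can rewrite the predicate itself.
  // Returns the number of <role> nodes the query matched.
  def findRoleUnsafe(userName: String): Int = {
    val xpath = XPathFactory.newInstance().newXPath()
    val expr  = s"/users/user[name='$userName']/role"
    val nodes = xpath.evaluate(expr, doc, XPathConstants.NODESET).asInstanceOf[NodeList]
    nodes.getLength
  }

  // SAFE: the query text is a constant; the value reaches the engine only
  // through a variable binding and can never change the query's structure.
  def findRoleSafe(userName: String): Int = {
    val xpath = XPathFactory.newInstance().newXPath()
    xpath.setXPathVariableResolver(new XPathVariableResolver {
      override def resolveVariable(name: QName): AnyRef =
        if (name.getLocalPart == "userName") userName else null
    })
    // Plain (non-interpolated) string: $userName is an XPath variable reference.
    val expr  = "/users/user[name=$userName]/role"
    val nodes = xpath.evaluate(expr, doc, XPathConstants.NODESET).asInstanceOf[NodeList]
    nodes.getLength
  }

  def main(args: Array[String]): Unit = {
    // Constructed inputs: an ordinary name and one carrying a quote character.
    val benign  = "alice"
    val quoted  = "x' or '1'='1"
    println(s"unsafe, benign input: ${findRoleUnsafe(benign)} match(es)")
    println(s"unsafe, quoted input: ${findRoleUnsafe(quoted)} match(es)")
    println(s"safe,   quoted input: ${findRoleSafe(quoted)} match(es)")
  }
}
```

With the quoted input, findRoleUnsafe matches every user because the predicate has been rewritten, whereas findRoleSafe matches nothing because the whole string is compared as a literal name. The detection strategy above flags the first function (evaluate() receives an expression built from a parameter) and not the second (the expression is a constant and the parameter is only ever a bound variable); where variable binding is impractical, rejecting any input containing quote characters before it reaches evaluate() is the fallback.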