Scala Spring Plaintext Storage Sensitive Data
Description
Detects when sensitive data like passwords are stored in plaintext using Spring framework methods in Scala applications. This represents a security risk since storing unencrypted sensitive information makes it vulnerable to unauthorized access if the storage is compromised.
Detection Strategy
• Checks if Spring Boot framework is imported in the codebase
• Identifies unsafe update operations that may store plaintext sensitive data
• Detects direct string assignments that may contain sensitive information
• Looks for save operations where password or credential data is stored without encryption
• Reports a vulnerability when any sensitive data storage is done without proper encryption through Spring methods
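The five steps above, carried out as an added line-oriented scanner in Java (this is illustrative code, not Fluid Attacks' analyzer; the class name, the regular expressions and the sample source are assumptions of this example). A real rule works on the parsed AST rather than on text, so expect this heuristic to produce both false positives and false negatives.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical heuristic mirroring the detection strategy; real analyzers use the AST.
public class PlaintextStorageScanner {

    // Step 1: the rule only fires once a Spring import has been seen in the file.
    private static final Pattern SPRING_IMPORT =
        Pattern.compile("^\\s*import\\s+org\\.springframework\\.");

    // Steps 2 and 4: update()/save()/insert() calls and their argument list.
    private static final Pattern STORE_CALL =
        Pattern.compile("\\.(update|save|saveAll|insert)\\s*\\((.*)\\)");

    // Step 3: setter-style assignments of sensitive fields, e.g. user.setPassword(p).
    private static final Pattern SENSITIVE_SETTER =
        Pattern.compile("\\.set(Password|Secret|Token|Credential)\\w*\\s*\\((.*)\\)");

    private static final Pattern SENSITIVE_NAME =
        Pattern.compile("(?i)(password|passwd|secret|token|credential)");

    // An argument wrapped in an encoding/hashing call is treated as protected.
    private static final Pattern PROTECTED_ARG =
        Pattern.compile("(?i)(encode|hash|encrypt|digest)\\w*\\s*\\(");

    // Step 5: returns one finding per offending source line (1-based line numbers).
    public static List<String> scan(List<String> lines) {
        List<String> findings = new ArrayList<>();
        boolean springImported = false;
        for (int i = 0; i < lines.size(); i++) {
            String line = lines.get(i);
            if (SPRING_IMPORT.matcher(line).find()) {
                springImported = true;
                continue;
            }
            if (!springImported) {
                continue; // gate from step 1: nothing to report outside Spring code
            }
            Matcher store = STORE_CALL.matcher(line);
            if (store.find() && isPlaintextSensitive(store.group(2))) {
                findings.add("line " + (i + 1) + ": sensitive data stored in plaintext via ."
                    + store.group(1) + "()");
                continue;
            }
            Matcher setter = SENSITIVE_SETTER.matcher(line);
            if (setter.find() && !PROTECTED_ARG.matcher(setter.group(2)).find()) {
                findings.add("line " + (i + 1) + ": plaintext value assigned via .set"
                    + setter.group(1) + "()");
            }
        }
        return findings;
    }

    private static boolean isPlaintextSensitive(String args) {
        return SENSITIVE_NAME.matcher(args).find()
            && !PROTECTED_ARG.matcher(args).find();
    }

    // Constructed sample input for the demo; not taken from any real project.
    public static List<String> sampleSource() {
        return List.of(
            "import org.springframework.jdbc.core.JdbcTemplate;",
            "public class UserController {",
            "  private JdbcTemplate jdbcTemplate;",
            "  public void create(String username, String password) {",
            "    jdbcTemplate.update(\"INSERT INTO users(username, password) VALUES (?, ?)\", username, password);",
            "    jdbcTemplate.update(\"INSERT INTO users(username, password) VALUES (?, ?)\", username, encoder.encode(password));",
            "    jdbcTemplate.update(\"UPDATE users SET email = ? WHERE id = ?\", email, id);",
            "    user.setPassword(password);",
            "    user.setPassword(encoder.encode(password));",
            "  }",
            "}");
    }

    public static void main(String[] args) {
        scan(sampleSource()).forEach(System.out::println);
    }
}
```

Run against the constructed sample, the scanner reports the raw `jdbcTemplate.update(...)` on line 5 and the raw `setPassword(...)` on line 8, and stays silent on the two calls that pass the value through `encoder.encode(...)` and on the update that touches no sensitive column.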
Vulnerable code example

```java
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.web.bind.annotation.*;

@RestController
public class UserController {
    private JdbcTemplate jdbcTemplate;
    ...
```

✅ Secure code example
```java
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.web.bind.annotation.*;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.beans.factory.annotation.Autowired;

@RestController
public class UserController {
    ...
```
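Both snippets above stop at the class header. The added controller below (illustrative Java code written for this page, not Fluid Attacks' own example; the `users` table, the endpoint paths and the bcrypt strength are assumptions) shows the insecure and the secure storage path side by side, plus the login check that the hashed form requires.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.bind.annotation.*;

// Hypothetical controller; the "users" table and endpoint names are assumed.
@RestController
public class UserController {

    @Autowired
    private JdbcTemplate jdbcTemplate;

    // One encoder for the application; strength 12 is an assumed work factor.
    private final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(12);

    // VULNERABLE: the raw password reaches the database unchanged, so a dump
    // of the "users" table exposes every credential.
    @PostMapping("/register-insecure")
    public String registerInsecure(@RequestParam String username,
                                   @RequestParam String password) {
        jdbcTemplate.update(
            "INSERT INTO users (username, password) VALUES (?, ?)",
            username, password);
        return "created";
    }

    // SECURE: only a salted bcrypt hash is stored. The hash cannot be reversed,
    // and each encode() call yields a different string for the same input.
    @PostMapping("/register")
    public String register(@RequestParam String username,
                           @RequestParam String password) {
        String hash = encoder.encode(password);
        jdbcTemplate.update(
            "INSERT INTO users (username, password) VALUES (?, ?)",
            username, hash);
        return "created";
    }

    // Verification must use matches(): comparing a fresh encode() result to
    // the stored hash with equals() always fails because of the random salt.
    // queryForObject() throws EmptyResultDataAccessException for an unknown
    // user; a production handler maps that to the same "denied" answer.
    @PostMapping("/login")
    public String login(@RequestParam String username,
                        @RequestParam String password) {
        String storedHash = jdbcTemplate.queryForObject(
            "SELECT password FROM users WHERE username = ?",
            String.class, username);
        return encoder.matches(password, storedHash) ? "ok" : "denied";
    }
}
```

The detector's distinguishing signal is visible in the two `update` calls: the argument named `password` is passed through unchanged in the first, and only after `encoder.encode(...)` in the second.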