Scala Spring Use Unvalidated Forwards
Description
Detects unvalidated forwards in Scala Spring applications that can lead to path traversal. When user-controlled input is used as a forward destination without proper validation, attackers may be able to reach files and resources outside the intended directory structure.
Detection Strategy
• Search for Spring framework imports and controller methods with mapping annotations (@RequestMapping, etc.)
• Identify method implementations that use forward operations with unvalidated user input
• Flag methods where the forward destination path comes from request parameters or other user-controlled sources without proper validation
• Report vulnerabilities when forward operations could allow directory traversal through unvalidated paths
Vulnerable code example
import org.springframework.stereotype.Controller
import org.springframework.web.bind.annotation._

@Controller
class VulnerableController {
  @GetMapping("/forward")
  def forward(@RequestParam page: String): String = {
    "forward:" + page // Vulnerable: unvalidated user input used in forward string...
  }
}

Secure code example
import org.springframework.stereotype.Controller
import org.springframework.web.bind.annotation._

@Controller
class SecureController {
  @GetMapping("/forward")
  def forward(@RequestParam page: String): String = {
    val allowedPages = Map( // Define allowlist of valid forward destinations...
      "home" -> "home",     // entries are constructed here; the original list is truncated
      "about" -> "about"
    )
    // Only a value taken from the allowlist reaches the forward string
    "forward:" + allowedPages.getOrElse(page, "error")
  }
}
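A toy static check that applies the detection strategy above to the two controllers, added here as an example; it is not Fluid Attacks' scanner code, and the regular expressions and the two Scala snippets it scans are constructed for illustration.

```python
"""Toy static check mirroring the detection strategy above (constructed example)."""
import re
from dataclasses import dataclass

SPRING_IMPORT = re.compile(r"^\s*import\s+org\.springframework\.", re.MULTILINE)
MAPPING = re.compile(r"@(?:Request|Get|Post|Put|Delete|Patch)Mapping\b")
# "@RequestParam page: String" or "@PathVariable("id") id: Long" -> parameter name
USER_PARAM = re.compile(r"@(?:RequestParam|PathVariable)(?:\([^)]*\))?\s+(\w+)\s*:")
# forward destination built by concatenation or interpolation with a bare identifier
FORWARD_TARGET = re.compile(r'"forward:"\s*\+\s*(\w+)|s"forward:\$\{?(\w+)\}?')

@dataclass(frozen=True)
class Finding:
    line: int
    param: str

def find_unvalidated_forwards(source: str) -> list[Finding]:
    """Flag forwards whose destination is a request parameter used as-is.
    Heuristic: a non-parameter identifier (e.g. an allowlist lookup) counts as
    validated, so a check done on a separate line before the forward is missed."""
    if not SPRING_IMPORT.search(source):
        return []  # not a Spring controller, the rule does not apply
    findings: list[Finding] = []
    params: set[str] = set()
    for lineno, line in enumerate(source.splitlines(), start=1):
        if MAPPING.search(line):
            params = set()  # new handler: forget the previous method's parameters
        params.update(USER_PARAM.findall(line))
        for concat, interp in FORWARD_TARGET.findall(line):
            if (concat or interp) in params:
                findings.append(Finding(lineno, concat or interp))
    return findings

# Constructed Scala snippets shaped like the page's two controllers.
VULNERABLE = """import org.springframework.web.bind.annotation._
@GetMapping("/forward")
def forward(@RequestParam page: String): String = {
  "forward:" + page
}"""

SECURE = """import org.springframework.web.bind.annotation._
@GetMapping("/forward")
def forward(@RequestParam page: String): String = {
  val allowedPages = Map("home" -> "/home.html", "about" -> "/about.html")
  "forward:" + allowedPages.getOrElse(page, "/error.html")
}"""
```

Running `find_unvalidated_forwards` over `VULNERABLE` reports the `page` parameter on line 4, while the allowlisted `SECURE` variant yields no finding.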