gitlab.find_sec_bugs.BEAN_PROPERTY_INJECTION-1


An attacker who controls the property names passed to Apache Commons BeanUtils `populate()` can set arbitrary bean properties and compromise system integrity. Beyond plain mass assignment (setting a property the form never exposed, such as an admin flag), the attacker can reach special nested properties like `class.classLoader` on older BeanUtils versions, which lets them override system properties and potentially execute arbitrary code. The rule flags handlers that copy servlet request parameters into a map and then hand that map to `BeanUtils.populate()` or `BeanUtilsBean.populate()`.

Definition

rules:
  - id: find_sec_bugs.BEAN_PROPERTY_INJECTION-1
    patterns:
      - pattern-inside: $TYPE $FUNC(..., HttpServletRequest $REQ, ...) { ... }
      - pattern-either:
          - pattern: |
              $MAP.put(..., $REQ.getParameter(...));
              ...
              $BEAN_UTIL.populate(..., $MAP);
          - pattern: |
              while (...) {
                  ...
                  $MAP.put(..., $REQ.getParameterValues(...));
              }
              ...
              $BEAN_UTIL.populate(..., $MAP);
      - metavariable-pattern:
          metavariable: $BEAN_UTIL
          pattern-either:
            - pattern: (BeanUtilsBean $B)
            - pattern: new BeanUtilsBean()
            - pattern: org.apache.commons.beanutils.BeanUtils
    message: >
      An attacker can set arbitrary bean properties that can compromise system
      integrity. An attacker can leverage this functionality to access special bean
      properties like class.classLoader that will allow them to override system
      properties and potentially execute arbitrary code.
    languages:
      - java
    severity: ERROR
    metadata:
      category: security
      cwe: "CWE-15: External Control of System or Configuration Setting"
      technology:
        - java
      primary_identifier: find_sec_bugs.BEAN_PROPERTY_INJECTION-1
      secondary_identifiers:
        - name: Find Security Bugs-BEAN_PROPERTY_INJECTION
          type: find_sec_bugs_type
          value: BEAN_PROPERTY_INJECTION
      license: MIT
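The following is an added example, not code from GitLab, Find Security Bugs or the Semgrep registry, illustrating both the description above and the pattern the rule matches. It shows a servlet handler that the second `pattern` (the `while` loop over `getParameterValues`) would flag, next to a hardened version that only copies an explicit allow-list of property names and also registers BeanUtils' `SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS`. The `UserProfile` bean, the `ProfileUpdate` class and the property names are hypothetical and constructed for this example.

```java
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.beanutils.BeanUtilsBean;
import org.apache.commons.beanutils.ConvertUtilsBean;
import org.apache.commons.beanutils.PropertyUtilsBean;
import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;

public class ProfileUpdate {

    // Hypothetical target bean, constructed for this example. Note the "admin"
    // property: nothing in the HTML form sets it, but BeanUtils does not know that.
    public static class UserProfile {
        private String displayName;
        private String email;
        private boolean admin;
        public String getDisplayName() { return displayName; }
        public void setDisplayName(String v) { displayName = v; }
        public String getEmail() { return email; }
        public void setEmail(String v) { email = v; }
        public boolean isAdmin() { return admin; }
        public void setAdmin(boolean v) { admin = v; }
    }

    // VULNERABLE (matches the rule's second pattern): every request parameter name is
    // copied into the map, so the client chooses which properties populate() sets.
    // "admin=true" flips the flag above; on old commons-beanutils releases a name such
    // as "class.classLoader.<field>" reaches the class loader through the "class" property.
    public static UserProfile updateVulnerable(HttpServletRequest request) throws Exception {
        UserProfile profile = new UserProfile();
        Map<String, String[]> props = new HashMap<>();
        Enumeration<String> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            props.put(name, request.getParameterValues(name));
        }
        BeanUtils.populate(profile, props);
        return profile;
    }

    // HARDENED: the server, not the client, decides which property names are settable.
    private static final Set<String> ALLOWED_PROPERTIES = Set.of("displayName", "email");

    public static UserProfile updateHardened(HttpServletRequest request) throws Exception {
        UserProfile profile = new UserProfile();
        Map<String, String> props = new HashMap<>();
        for (String name : ALLOWED_PROPERTIES) {
            String value = request.getParameter(name);
            if (value != null) {
                props.put(name, value);
            }
        }
        // Defence in depth: refuse to resolve the "class" property at all, which closes the
        // class.classLoader path even if a name slips past the allow-list. This introspector
        // is registered by default from commons-beanutils 1.9.4; adding it explicitly is
        // harmless there and necessary on older 1.9.x releases.
        PropertyUtilsBean propertyUtils = new PropertyUtilsBean();
        propertyUtils.addBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
        BeanUtilsBean beanUtils = new BeanUtilsBean(new ConvertUtilsBean(), propertyUtils);
        beanUtils.populate(profile, props);
        return profile;
    }
}
```

The allow-list is the actual fix: suppressing the `class` property stops the class-loader vector but does nothing about ordinary mass assignment such as `admin=true`, so both measures belong together. When triaging a finding from this rule, check whether the property names in the map come from the request (as in `updateVulnerable`) or from a server-side constant (as in `updateHardened`); the rule is syntactic and cannot tell the two apart on its own once the `getParameter` call and the `put` are separated by an intermediate variable.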