gitlab.find_sec_bugs.EL_INJECTION-1

An EL (Java Expression Language) expression is built from a dynamic value. The rule flags methods that take a `String` parameter, create an `ELContext` in the method body, and pass that parameter to `ExpressionFactory.createValueExpression` or `createMethodExpression`. Verify where the value comes from: if unfiltered, attacker-controlled input reaches this call it is evaluated as an expression, not treated as data, which is a code injection (CWE-94).


Definition

rules:
  - id: find_sec_bugs.EL_INJECTION-1
    patterns:
      - pattern-inside: |
          $FUNC(..., String $EXPR, ...) {
            ...
            ELContext $CTX = ...;
            ...
          }
      - pattern-either:
          - pattern: (ExpressionFactory $EXP).createValueExpression((ELContext $CTX), $EXPR,
              ...)
          - pattern: (ExpressionFactory $EXP).createMethodExpression((ELContext $CTX),
              $EXPR, ...)
    message: >
      An expression is built with a dynamic value. The source of the value(s)
      should be verified so that unfiltered values never reach this risky
      expression evaluation.
    languages:
      - java
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-94: Improper Control of Generation of Code ('Code Injection')"
      technology:
        - java
      primary_identifier: find_sec_bugs.EL_INJECTION-1
      secondary_identifiers:
        - name: Find Security Bugs-EL_INJECTION
          type: find_sec_bugs_type
          value: EL_INJECTION
      license: MIT
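
To make the finding concrete, the following Java class (an added example, not code from the rule or from Find Security Bugs) shows the exact shape the pattern matches next to a restructured version that passes the same untrusted input safely. It assumes an EL 3.0+ implementation (`javax.el`, for instance the GlassFish reference implementation) is on the classpath; the method names, the `userInput` variable and the allow-listed templates are hypothetical.

```java
import java.util.Set;
import javax.el.ELContext;
import javax.el.ExpressionFactory;
import javax.el.StandardELContext;
import javax.el.ValueExpression;

// Added illustration of the find_sec_bugs.EL_INJECTION-1 finding (not from the rule page).
// Assumes an EL 3.0+ implementation such as GlassFish javax.el on the classpath.
public class ElInjectionExample {

    private static final ExpressionFactory FACTORY = ExpressionFactory.newInstance();

    // Fixed allow-list of expression templates the application is willing to evaluate
    // (hypothetical templates chosen for this example). Only these strings ever become code.
    private static final Set<String> ALLOWED_TEMPLATES = Set.of(
            "${userInput}",                 // echo the bound value unchanged
            "${userInput.toUpperCase()}"    // a derived value, still computed from the bound variable
    );

    // VULNERABLE: exactly the shape the Semgrep pattern matches. `userInput` is a String
    // parameter, an ELContext is created in the same method, and the parameter is handed to
    // createValueExpression() unchanged. Any input that is itself an expression is evaluated
    // by the EL engine with the application's privileges, including method calls on objects
    // reachable from the context.
    static Object evaluateUntrusted(String userInput) {
        ELContext ctx = new StandardELContext(FACTORY);
        ValueExpression ve = FACTORY.createValueExpression(ctx, userInput, Object.class);
        return ve.getValue(ctx);
    }

    // HARDENED: the expression text comes from a fixed allow-list, and the untrusted value is
    // bound as an EL variable. The data can influence the result but never which code runs.
    static Object evaluateBound(String templateName, String userInput) {
        if (!ALLOWED_TEMPLATES.contains(templateName)) {
            throw new IllegalArgumentException("unknown expression template");
        }
        ELContext ctx = new StandardELContext(FACTORY);
        // Bind the raw input as a constant String ValueExpression. The VariableMapper is
        // consulted when the template is parsed below, so the binding must happen first.
        ctx.getVariableMapper().setVariable("userInput",
                FACTORY.createValueExpression(userInput, String.class));
        ValueExpression ve = FACTORY.createValueExpression(ctx, templateName, Object.class);
        return ve.getValue(ctx);
    }

    public static void main(String[] args) {
        // Constructed sample input: harmless, but it is an expression, not a plain string.
        String hostile = "${1 + 1}";
        // Vulnerable path: the input is parsed and evaluated, yielding the Long 2.
        System.out.println("vulnerable: " + evaluateUntrusted(hostile));
        // Hardened path: the input is bound as data, so the literal text "${1 + 1}" comes back.
        System.out.println("hardened:   " + evaluateBound("${userInput}", hostile));
    }
}
```

`evaluateUntrusted` is what the rule reports; `evaluateBound` still calls `createValueExpression` with a `String` argument, but that argument is an allow-listed constant rather than the method parameter, so the pattern (which requires the parameter `$EXPR` itself to be passed) no longer matches. When reviewing a finding, the question to answer is whether the `String` parameter can carry data from outside the trust boundary (HTTP parameters, headers, message bodies, database rows written by other tenants); if it can, restructure as above or remove the dynamic evaluation entirely.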