gitlab.find_sec_bugs.SERVLET_PARAMETER-1.SERVLET_CONTENT_TYPE-1.SERVLET_SERVER_NAME-1.SERVLET_SESSION_ID-1.SERVLET_QUERY_STRING-1.SERVLET_HEADER-1.SERVLET_HEADER_REFERER-1.SERVLET_HEADER_USER_AGENT-1


The Servlet can read GET and POST parameters from various methods. The value obtained should be considered unsafe.


Definition

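# Semgrep taint rule derived from the Find Security Bugs SERVLET_* detectors:
# values read from an HttpServletRequest are client-controlled and are
# reported when they flow into string concatenation.
rules:
  - id: find_sec_bugs.SERVLET_PARAMETER-1.SERVLET_CONTENT_TYPE-1.SERVLET_SERVER_NAME-1.SERVLET_SESSION_ID-1.SERVLET_QUERY_STRING-1.SERVLET_HEADER-1.SERVLET_HEADER_REFERER-1.SERVLET_HEADER_USER_AGENT-1
    mode: taint
    # Sources: every accessor listed here returns data supplied by the client.
    # The query-string and header accessors are included so the rule actually
    # covers the SERVLET_QUERY_STRING and SERVLET_HEADER* identifiers it
    # declares in its id and secondary_identifiers.
    pattern-sources:
      - pattern-either:
          - pattern: (javax.servlet.http.HttpServletRequest $REQ).getContentType(...)
          - pattern: (javax.servlet.http.HttpServletRequest $REQ).getServerName(...)
          - pattern: (javax.servlet.http.HttpServletRequest $REQ).getRequestedSessionId(...)
          - pattern: (javax.servlet.http.HttpServletRequest $REQ).getParameterValues(...)
          - pattern: (javax.servlet.http.HttpServletRequest $REQ).getParameterMap(...)
          - pattern: (javax.servlet.http.HttpServletRequest $REQ).getParameterNames(...)
          - pattern: (javax.servlet.http.HttpServletRequest $REQ).getParameter(...)
          - pattern: (javax.servlet.http.HttpServletRequest $REQ).getQueryString(...)
          - pattern: (javax.servlet.http.HttpServletRequest $REQ).getHeader(...)
          - pattern: (javax.servlet.http.HttpServletRequest $REQ).getHeaders(...)
          - pattern: (javax.servlet.http.HttpServletRequest $REQ).getHeaderNames(...)
    # Sinks: a tainted value concatenated with a string literal on either side.
    # Both patterns are quoted because they start with a YAML indicator or a
    # metavariable sigil and contain double quotes.
    pattern-sinks:
      - pattern-either:
          - pattern: '"..." + $PAR'
          - pattern: '$PAR + "..."'
    languages:
      - java
    # Block scalar keeps the line break; the stray closing quote that ended the
    # original message has been dropped.
    message: |
      The Servlet can read GET and POST parameters from various methods. The
      value obtained should be considered unsafe.
    metadata:
      category: security
      cwe: "CWE-20: Improper Input Validation"
      primary_identifier: find_sec_bugs.SERVLET_PARAMETER-1.SERVLET_CONTENT_TYPE-1.SERVLET_SERVER_NAME-1.SERVLET_SESSION_ID-1.SERVLET_QUERY_STRING-1.SERVLET_HEADER-1.SERVLET_HEADER_REFERER-1.SERVLET_HEADER_USER_AGENT-1
      # One entry per Find Security Bugs detector this rule stands in for.
      secondary_identifiers:
        - name: Find Security Bugs-SERVLET_PARAMETER
          type: find_sec_bugs_type
          value: SERVLET_PARAMETER
        - name: Find Security Bugs-SERVLET_CONTENT_TYPE
          type: find_sec_bugs_type
          value: SERVLET_CONTENT_TYPE
        - name: Find Security Bugs-SERVLET_SERVER_NAME
          type: find_sec_bugs_type
          value: SERVLET_SERVER_NAME
        - name: Find Security Bugs-SERVLET_SESSION_ID
          type: find_sec_bugs_type
          value: SERVLET_SESSION_ID
        - name: Find Security Bugs-SERVLET_QUERY_STRING
          type: find_sec_bugs_type
          value: SERVLET_QUERY_STRING
        - name: Find Security Bugs-SERVLET_HEADER
          type: find_sec_bugs_type
          value: SERVLET_HEADER
        - name: Find Security Bugs-SERVLET_HEADER_REFERER
          type: find_sec_bugs_type
          value: SERVLET_HEADER_REFERER
        - name: Find Security Bugs-SERVLET_HEADER_USER_AGENT
          type: find_sec_bugs_type
          value: SERVLET_HEADER_USER_AGENT
      license: MIT
    severity: WARNING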