Code injection can occur when untrusted input is injected into dynamically constructed code. One obvious source of potential vulnerabilities is the use of JavaScript from Java code. The javax.script package both provides an API of interfaces and classes that define Java Scripting Engines scripting engines and also defines a framework for the use of those interfaces and classes in Java code. Misuse Misuse of the javax.script API permits an attacker to execute arbitrary code on the target system. Such errors are dangerous because violations of secure coding practices in dynamically generated code cannot be detected in advance through automated static analysis.
...
An alternative approach is to create a secure sandbox using a security manager. (See SEC60-JG. Create a secure sandbox using a Security Manager.) The application should prevent the script from executing arbitrary commands, including, for example, querying the local file system. The two-argument form of doPrivileged() can be used to lower privileges when the application must operate with higher privileges but the scripting engine must not. The RestrictedAccessControlContext strips the permissions granted in the default policy file by reducing the permissions granted to those of the newly created protection domain. The effective permissions are the intersection of the permissions of the newly created protection domain and the systemwide security policy. Refer to SEC50-JG. Avoid granting excess privileges for more details on the two-argument form.
...
Failure to prevent code injection can result in the execution of arbitrary code.
Bibliography
...