...
XPath injection occurs when an XML document is used for data storage in a manner similar to a relational database. This way, an XPath injection is similar to an SQL injection attack, where an attack is able to include query logic in a data field in such a way the the conditional field of the query resolves as a tautology or otherwise gives the attacker access to information it should not be entitled to.
XPath Injection Example
Consider the following XML document being used as a database:
...
This will subsequently reveal all the records in the XML file
Noncompliant Code Example
XML Injection may occur when:
...
The evaluate function call will return a set of all nodes in the XML file, causing the login function to return true, and bypassing authorization.
Compliant Solution
XPath injection can be prevented with many of the same methods used to prevent SQL injection, and input sanitization in general. These methods include:
...
| Code Block | ||
|---|---|---|
| ||
//Compliant Solution will go here |
Risk Assessment
Failing to validate user input may result in a Java application being seriously compromised.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FIO06-J | medium | probable | high | P4 | L3 |
Automated Detection
TODO
Related Vulnerabilities
MSC36-J. Prevent XML Injection
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
...