
Due to its platform independence, flexibility and relative simplicity, the extensible markup language (XML) has been widely adopted in applications ranging from remote procedure calls to data storage. However, this same versatility makes XML vulnerable to attacks that change the structure of a document. These attacks can be broadly classified into two types: XML injection and XPath injection.

XPath injection occurs when an XML document is used for data storage in a manner similar to a relational database. In this respect an XPath injection resembles an SQL injection attack: the attacker is able to include query logic in a data field in such a way that the conditional part of the query resolves as a tautology or otherwise gives the attacker access to information to which it is not entitled.

XPath Injection Example

TODO

Noncompliant Code Example

XML Injection may occur when:

  • Data is read from an untrusted source (such as user input).
  • Data is subsequently written to an XML document without proper sanitization.
// Vulnerable code will go here

Compliant Solution

XML and XPath injection can be prevented with many of the same methods used to prevent SQL injection and by input sanitization in general. These methods include:

  • Assume all input may include an attack.
  • When validating user input, verify the data type, length, format and contents. For example, construct a regular expression that checks for XML tags and special characters in user input.
  • In a client-server application, perform validation at both the client and server.
  • Extensively test applications that accept user input.
//Compliant Solution will go here
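As an added, worked illustration of the XPath injection described above and of the noncompliant/compliant pattern this page outlines (example code written for this revision, not the rule's own code; the XML document, user names and passwords are constructed, and the class and method names are assumptions), the following Java program evaluates the same login query two ways: once with the user's input concatenated into the expression, and once with the input bound through an XPathVariableResolver, preceded by the kind of allowlist check the compliant-solution list calls for.

```java
import java.io.StringReader;
import java.util.regex.Pattern;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import javax.xml.xpath.XPathVariableResolver;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Added example (class name assumed): XPath query built by concatenation vs. by variable binding. */
public class XPathInjectionDemo {

    // Constructed sample credential store; not from the page.
    private static final String USERS_XML =
          "<users>"
        + "<user><name>alice</name><password>s3cret</password></user>"
        + "<user><name>bob</name><password>hunter2</password></user>"
        + "</users>";

    // Allowlist for a user name: letters, digits and underscore, 1 to 32 characters.
    private static final Pattern NAME_ALLOWLIST = Pattern.compile("[A-Za-z0-9_]{1,32}");

    static Document loadUsers() throws Exception {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder()
                .parse(new InputSource(new StringReader(USERS_XML)));
    }

    /** Validation step: verify type, length, format and contents before any query is built. */
    static boolean isValidName(String name) {
        return name != null && NAME_ALLOWLIST.matcher(name).matches();
    }

    /** Noncompliant: untrusted input becomes part of the query text itself. */
    static int countMatchesVulnerable(Document doc, String name, String password)
            throws XPathExpressionException {
        String expr = "/users/user[name/text()='" + name
                    + "' and password/text()='" + password + "']";
        XPath xpath = XPathFactory.newInstance().newXPath();
        NodeList hits = (NodeList) xpath.evaluate(expr, doc, XPathConstants.NODESET);
        return hits.getLength();
    }

    /** Compliant: input is bound as an XPath variable, so it can only ever be a string value. */
    static int countMatchesSafe(Document doc, final String name, final String password)
            throws XPathExpressionException {
        XPath xpath = XPathFactory.newInstance().newXPath();
        xpath.setXPathVariableResolver(new XPathVariableResolver() {
            @Override
            public Object resolveVariable(QName variable) {
                switch (variable.getLocalPart()) {
                    case "name":     return name;
                    case "password": return password;
                    default:         return null;
                }
            }
        });
        // The query text is a constant; $name and $password are filled in by the resolver.
        XPathExpression compiled = xpath.compile(
            "/users/user[name/text()=$name and password/text()=$password]");
        NodeList hits = (NodeList) compiled.evaluate(doc, XPathConstants.NODESET);
        return hits.getLength();
    }

    public static void main(String[] args) throws Exception {
        Document doc = loadUsers();
        String tautology = "' or '1'='1"; // constructed test input that rewrites the predicate

        System.out.println("vulnerable, valid login: " + countMatchesVulnerable(doc, "alice", "s3cret"));
        System.out.println("vulnerable, tautology:   " + countMatchesVulnerable(doc, tautology, tautology));

        System.out.println("allowlist accepts alice: " + isValidName("alice"));
        System.out.println("allowlist accepts input: " + isValidName(tautology));

        System.out.println("safe, valid login:       " + countMatchesSafe(doc, "alice", "s3cret"));
        System.out.println("safe, tautology:         " + countMatchesSafe(doc, tautology, tautology));
    }
}
```

With the constructed input in both fields, the concatenated query's predicate becomes `name/text()='' or '1'='1' and password/text()='' or '1'='1'`, which is true for every `<user>` element, so the vulnerable method counts both constructed users. The bound query compares the whole input string as a literal value and matches nothing, and the allowlist check rejects the input before any query is built; the two defenses are independent, so a production check should apply both.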

Risk Assessment

Failing to validate user input may result in a Java application being seriously compromised.

| Rule    | Severity | Likelihood | Remediation Cost | Priority | Level |
|---------|----------|------------|------------------|----------|-------|
| FIO06-J | medium   | probable   | high             | P4       | L3    |

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C Secure Coding Standard as STR02-C. Sanitize data passed to complex subsystems.

This rule appears in the C++ Secure Coding Standard as STR02-CPP. Sanitize data passed to complex subsystems.

References
