Potential code injection when using GroovyShell
ID: java-security/groovyshell-code-injection
Language: Java
Severity: Warning
Category: Security
CWE: 94
Description
A Groovy script expression is built from a dynamic value. Script source handed to GroovyShell must not be assembled from user input; validate and filter the source before it is evaluated.
Non-Compliant Code Examples
import groovy.lang.GroovyShell;

class MyClass {
    // Non-compliant: `script` comes from the caller and is evaluated as Groovy source,
    // whether it is passed directly or concatenated with a fixed string.
    public void evaluateScript(String script) {
        GroovyShell shell = new GroovyShell();
        shell.evaluate(script);
        Object foo = shell.evaluate(script);
        shell.evaluate("foo" + script);
        shell.evaluate(script + "foo");
    }
}
Compliant Code Examples
import groovy.lang.GroovyShell;

class MyClass {
    public void evaluateScript(String script) {
        GroovyShell shell = new GroovyShell();
        // checkScript is the rule's placeholder for validating and filtering the
        // script source before it reaches the shell.
        shell.evaluate(checkScript(script));
    }
}
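The compliant example only hints at what "checking" the script means. The following is an added example, not code from the Datadog rule or the Groovy project: user values reach the script through a Binding instead of being concatenated into source text, and a SecureASTCustomizer rejects imports, closures and method or package declarations at compile time. The class and method names (SafeGroovyEvaluator, price, compiles) are assumptions; the customizer setter names are the Groovy 2.x/3.x ones (Groovy 4 also provides setAllowed* equivalents).

```java
import groovy.lang.Binding;
import groovy.lang.GroovyShell;
import groovy.lang.Script;
import org.codehaus.groovy.control.CompilationFailedException;
import org.codehaus.groovy.control.CompilerConfiguration;
import org.codehaus.groovy.control.customizers.SecureASTCustomizer;
import java.util.Collections;

// Hypothetical wrapper class; names are not from the rule page.
public class SafeGroovyEvaluator {
    // Script text is a constant owned by the application; request data never touches it.
    private static final String PRICE_SCRIPT = "quantity * unitPrice";
    private final GroovyShell shell;

    public SafeGroovyEvaluator() {
        SecureASTCustomizer secure = new SecureASTCustomizer();
        // Refuse imports, closures, method and package declarations while compiling.
        secure.setImportsWhitelist(Collections.emptyList());
        secure.setStaticImportsWhitelist(Collections.emptyList());
        secure.setStaticStarImportsWhitelist(Collections.emptyList());
        secure.setIndirectImportCheckEnabled(true);
        secure.setClosuresAllowed(false);
        secure.setMethodDefinitionAllowed(false);
        secure.setPackageAllowed(false);
        CompilerConfiguration config = new CompilerConfiguration();
        config.addCompilationCustomizers(secure);
        this.shell = new GroovyShell(config);
    }

    // User-controlled values enter as bound variables, not as source text.
    public Object price(int quantity, double unitPrice) {
        Binding binding = new Binding();
        binding.setVariable("quantity", quantity);
        binding.setVariable("unitPrice", unitPrice);
        Script script = shell.parse(PRICE_SCRIPT);
        script.setBinding(binding);
        return script.run();
    }

    // Reports whether the restricted compiler accepts a script; useful for tests that
    // confirm the customizer rejects constructs the application never intends to allow.
    public boolean compiles(String scriptText) {
        try {
            shell.parse(scriptText);
            return true;
        } catch (CompilationFailedException e) {
            return false;
        }
    }
}
```

SecureASTCustomizer filters the syntax tree at compile time and is not a complete sandbox, so keeping request data out of the script source stays the primary control.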