securitylab: Java: CWE-652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')

CVE

There is no CVE for this.

Report

This query adds XQuery Injection sinks.

import javax.servlet.http.HttpServletRequest;
import javax.xml.xquery.*;
import net.sf.saxon.xqj.SaxonXQDataSource;

// Untrusted input from the HTTP request
String name = request.getParameter("name");
XQDataSource ds = new SaxonXQDataSource();
XQConnection conn = ds.getConnection();
// The parameter is concatenated into the XQuery text, so prepareExpression() is the injection sink
String query = "for $user in doc(\"users.xml\")/Users/User[name='" + name + "'] return $user/password";
XQPreparedExpression xqpe = conn.prepareExpression(query);
XQResultSequence result = xqpe.executeQuery();

Added CWE-652.

please check:

codeql/java/ql/src/Security/CWE/CWE-652/*
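The following is an added example, not code from the report or from the CodeQL repository, that places the sink pattern above next to the parameterized form a fix would use. It assumes Saxon's XQJ implementation (`net.sf.saxon.xqj.SaxonXQDataSource`) and a `users.xml` document resolvable from the processor's base URI; the class and method names are illustrative.

```java
import javax.xml.namespace.QName;
import javax.xml.xquery.XQConnection;
import javax.xml.xquery.XQDataSource;
import javax.xml.xquery.XQException;
import javax.xml.xquery.XQPreparedExpression;
import javax.xml.xquery.XQResultSequence;
import net.sf.saxon.xqj.SaxonXQDataSource;
import java.util.ArrayList;
import java.util.List;

public class XQueryLookup {

    // Vulnerable: the caller-supplied name is concatenated into the query text,
    // so prepareExpression(String) receives attacker-influenced XQuery syntax.
    // A quote inside 'name' closes the string literal and the remainder of the
    // value is parsed as XQuery. Kept here only to contrast with lookupSafe().
    static List<String> lookupUnsafe(XQConnection conn, String name) throws XQException {
        String query = "for $user in doc(\"users.xml\")/Users/User[name='" + name
            + "'] return $user/password";
        XQPreparedExpression xqpe = conn.prepareExpression(query);
        return collect(xqpe.executeQuery());
    }

    // Hardened: the query text is a constant that declares an external variable,
    // and the untrusted value is bound with bindString(). The processor treats it
    // as an xs:string value, never as query syntax, so no quoting can escape it.
    static List<String> lookupSafe(XQConnection conn, String name) throws XQException {
        String query = "declare variable $name external; "
            + "for $user in doc(\"users.xml\")/Users/User[name = $name] return $user/password";
        XQPreparedExpression xqpe = conn.prepareExpression(query);
        xqpe.bindString(new QName("name"), name, null); // null type = default xs:string
        return collect(xqpe.executeQuery());
    }

    // Drain the result sequence into plain strings
    static List<String> collect(XQResultSequence result) throws XQException {
        List<String> out = new ArrayList<>();
        while (result.next()) {
            out.add(result.getItemAsString(null));
        }
        return out;
    }

    public static void main(String[] args) throws XQException {
        XQDataSource ds = new SaxonXQDataSource();
        XQConnection conn = ds.getConnection();
        String name = args.length > 0 ? args[0] : "alice"; // constructed sample input
        System.out.println(lookupSafe(conn, name));
        conn.close();
    }
}
```

For a CodeQL query modelling this CWE, `lookupUnsafe` is the shape to flag: a taint path from a remote source into the `String` argument of `XQConnection.prepareExpression` (or `executeQuery`). `lookupSafe` shows why the string argument, not the bound variable, is the sink: the value passed to `bindString` never reaches the query parser.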


About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 24 (8 by maintainers)

Most upvoted comments

I wrote a blog post about detecting XQuery injection with CodeQL, just for reference.