search
ProductsBook A DemoContact Us

Unsanitized user input in AWS query

hashtag
Overview

  • Rule ID: java_third_parties_aws_query_injection

  • Applicable Languages: Java

  • Weakness ID: CWE-943

hashtag
Description

Including unsanitized data, such as user input or request data, in raw queries makes your application vulnerable to injection attacks.

hashtag
Remediation Guidelines

  • Always sanitize user input, especially if it will be used in database queries. Sanitization should include the removal of special characters (such as ' or ") that could be used to manipulate the query's semantics.

  • Validate user input to ensure it meets the expected format and length wherever possible.

  • Use parameterized queries instead of concatenating user input directly into the query string. This separates query logic from user input, which is best practice and, in the case of AWS SimpleDB, allows for internal parameterization and sanitization through SelectRequest.

    // query logic
public static SelectResult executeQuery(String query, String itemName) {
    AmazonSimpleDB simpleDBClient = AmazonSimpleDBClientBuilder.defaultClient();
    SelectRequest selectRequest = new SelectRequest(query, true).withNextToken(itemName);

    return simpleDBClient.select(selectRequest);
  }

public static void selectItem(String itemName) { // itemName is dynamic and could be malicious
  // parameterized query string
  String query = "select * from items where itemName = ?";

  SelectResult result = executeQuery(query, itemName);
  ...
 }

hashtag
References

hashtag
Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOLarrow-up-right

PreviousUnsanitized user input in Access-Control-Allow-OriginNextUnsanitized user input in code generation

Last updated