Unsanitized user input in code generation
Last updated
Rule ID: java_lang_code_injection
Applicable Languages: Java
Weakness ID: CWE-94
Allowing user input to directly influence code generation or scripting functions without proper sanitization can result in code injection vulnerabilities. An attacker who controls that input can supply code that the application then executes, enabling unauthorized actions or unauthorized access to data.
Avoid passing unsanitized user input to functions or methods that dynamically execute code.
Always validate or sanitize input to prevent the inclusion of harmful code before using it in such contexts.
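The pattern this rule flags and one way to remediate it, as an added example (not Bearer's own code); it assumes a JSR-223 JavaScript engine is registered with `ScriptEngineManager`, and the class and method names are illustrative:

```java
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;
import javax.script.SimpleBindings;
import java.util.regex.Pattern;

// Hypothetical class: applies a user-chosen discount percentage to a price.
public class DiscountCalculator {
    // Assumption: a JavaScript ScriptEngine is available at runtime.
    private static final ScriptEngine ENGINE =
            new ScriptEngineManager().getEngineByName("javascript");

    // VULNERABLE (CWE-94): the request parameter is concatenated into the
    // script source, so whatever the user submits is evaluated as code with
    // the application's privileges.
    static double vulnerableDiscount(double price, String userPercent) throws ScriptException {
        String script = "var price = " + price + "; price - price * (" + userPercent + ") / 100";
        return ((Number) ENGINE.eval(script)).doubleValue();
    }

    // HARDENED: the script text is a compile-time constant; user input enters
    // only as a typed value bound to a variable, after allowlist validation.
    private static final Pattern PERCENT = Pattern.compile("^(100|[1-9]?[0-9])$");
    private static final String FIXED_SCRIPT = "price - price * (percent / 100)";

    static double safeDiscount(double price, String userPercent) throws ScriptException {
        if (!PERCENT.matcher(userPercent).matches()) {
            throw new IllegalArgumentException("percent must be an integer from 0 to 100");
        }
        SimpleBindings bindings = new SimpleBindings();
        bindings.put("price", price);
        bindings.put("percent", Double.parseDouble(userPercent));
        return ((Number) ENGINE.eval(FIXED_SCRIPT, bindings)).doubleValue();
    }

    // Best option when scripting is not actually required: no script engine at all.
    static double plainDiscount(double price, String userPercent) {
        if (!PERCENT.matcher(userPercent).matches()) {
            throw new IllegalArgumentException("percent must be an integer from 0 to 100");
        }
        return price - price * (Integer.parseInt(userPercent) / 100.0);
    }
}
```

Note that `safeDiscount` is only safe because `FIXED_SCRIPT` never changes; if user data has to reach a script engine, pass it through bindings rather than the source string.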
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our