Unsanitized user input in 'eval' type function
Last updated
Rule ID: java_lang_eval_using_user_input
Applicable Languages: Java
Weakness ID: CWE-95
Using 'eval' or similar functions with unsanitized user input poses a significant security risk. This can result in command injection attacks, enabling attackers to execute arbitrary code within your application.
Avoid using eval or similar functions with user-supplied data, as this can make your application vulnerable to severe security risks.
Always validate and sanitize all user input before incorporating it into your code, ensuring inputs comply with a strict set of rules.
Opt for safer alternatives to eval for dynamic code execution needs, using functions that do not run user-supplied data as code.
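The following example is added here to illustrate the rule; it is not code from the original page. It shows the pattern this rule flags (user-controlled text passed straight to a JSR-223 ScriptEngine's eval) next to the recommended alternative, where the input is matched against a strict grammar and the operation is performed by the application itself, so no user data is ever interpreted as code. The method names, the "<int> <op> <int>" grammar and the sample inputs in main are assumptions chosen for the demonstration; vulnerableEval is shown for contrast only and is not called, since a JavaScript engine is no longer bundled with recent JDKs.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;

public class EvalInjectionExample {

    // Pattern flagged by the rule: user-controlled text reaches ScriptEngine.eval().
    // Whatever the script engine can do, the sender of the input can do.
    static Object vulnerableEval(String userInput) throws ScriptException {
        ScriptEngine engine = new ScriptEngineManager().getEngineByName("JavaScript");
        if (engine == null) {
            throw new IllegalStateException("no JavaScript engine available on this JDK");
        }
        return engine.eval(userInput); // hypothetical request parameter evaluated as code
    }

    // Safer alternative: the input is data, not code. Only "<int> <op> <int>" is
    // accepted, enforced by an anchored regex; anything else is rejected outright.
    private static final Pattern EXPR =
        Pattern.compile("^\\s*(-?\\d{1,9})\\s*([+\\-*/])\\s*(-?\\d{1,9})\\s*$");

    static long safeCompute(String userInput) {
        if (userInput == null) {
            throw new IllegalArgumentException("missing expression");
        }
        Matcher m = EXPR.matcher(userInput);
        if (!m.matches()) {
            throw new IllegalArgumentException("expression does not match the allowed grammar");
        }
        long a = Long.parseLong(m.group(1));
        long b = Long.parseLong(m.group(3));
        switch (m.group(2)) {
            case "+": return a + b;
            case "-": return a - b;
            case "*": return a * b;
            case "/":
                if (b == 0) {
                    throw new ArithmeticException("division by zero");
                }
                return a / b;
            default:
                throw new IllegalStateException("operator not covered by grammar");
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two valid expressions, one with an appended
        // statement (rejected by the grammar), and one that divides by zero.
        String[] inputs = { "6 * 7", "  -12/4 ", "1 + 1; foo()", "10 / 0" };
        for (String in : inputs) {
            try {
                System.out.println("safeCompute(\"" + in + "\") = " + safeCompute(in));
            } catch (IllegalArgumentException | ArithmeticException e) {
                System.out.println("safeCompute(\"" + in + "\") rejected: " + e.getMessage());
            }
        }
    }
}
```

The key design choice is that validation and execution are separated: the regex decides whether the request is well-formed, and the switch performs the only operations the application intends to offer. If the grammar later needs to grow (more operators, parentheses), extend the parser rather than relaxing the check and falling back to eval.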
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our