Noncompliant Code Example
This noncompliant code example incorporates untrusted user input into a JavaScript statement that is responsible for printing the input:
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;

private static void evalScript(String firstName)
        throws ScriptException {
    ScriptEngineManager manager = new ScriptEngineManager();
    ScriptEngine engine = manager.getEngineByName("javascript");
    // Noncompliant: firstName is concatenated directly into the script source
    engine.eval("print('" + firstName + "')");
}
An attacker can enter a specially crafted argument in an attempt to inject malicious
JavaScript. This example shows a malicious string that contains JavaScript code that can
create or overwrite an existing file on a vulnerable system.
dummy\');
var bw = new JavaImporter(java.io.BufferedWriter);
var fw = new JavaImporter(java.io.FileWriter);
with(fw) with(bw) {
    bwr = new BufferedWriter(new FileWriter(\"config.cfg\"));
    bwr.write(\"some text\"); bwr.close();
}
// ;
The script in this example prints “dummy” and then writes “some text” to a configuration file called config.cfg. An actual exploit can execute arbitrary code.