XpathInjection.qhelp
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
<qhelp>
<overview>
<p>
If an XPath expression is built using string concatenation, and the components of the concatenation
include user input, a user can easily supply input that changes the structure of the expression and so craft a malicious XPath expression.
</p>
</overview>
<recommendation>
<p>
If user input must be included in an XPath expression, either sanitize the data or use variable
references to safely embed it without altering the structure of the expression.
</p>
</recommendation>
<example>
<p>
The following example uses the <code>nokogiri</code>, <code>rexml</code> and <code>libxml</code> XML parsers to parse a string <code>xml</code>.
The XPath query is then built from user-controlled input, which leads to an XPath injection vulnerability.
</p>
<sample src="examples/XPathBad.rb"/>
<p>
To guard against XPath injection attacks, the user input should be sanitized before it is used in the query.
</p>
<sample src="examples/XPathGood.rb"/>
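As an added example (not the qhelp's own XPathBad.rb/XPathGood.rb samples), the following Ruby code uses the rexml parser mentioned above to show the concatenated query beside the variable-bound one; the document, the user input and the allowlist policy are constructed for illustration:

```ruby
require "rexml/document"

# Constructed sample document standing in for the `xml` string the qhelp refers to.
USERS_XML = <<~XML
  <users>
    <user name="alice" role="admin"/>
    <user name="bob" role="user"/>
  </users>
XML

# Constructed input that closes the string literal and appends a tautology,
# so the predicate no longer restricts the result to a single user.
INJECTED_NAME = "' or '1'='1"

# Vulnerable: the value is spliced into the expression text, so quotes in the
# input change the structure of the predicate instead of being compared as data.
def find_user_unsafe(xml, name)
  doc = REXML::Document.new(xml)
  REXML::XPath.match(doc, "//user[@name='#{name}']").map { |u| u.attributes["name"] }
end

# Safe: the expression text is fixed and the value is bound to the XPath
# variable $name, so the input can only ever be compared as a string.
def find_user_safe(xml, name)
  doc = REXML::Document.new(xml)
  REXML::XPath.match(doc, '//user[@name=$name]', {}, { "name" => name })
              .map { |u| u.attributes["name"] }
end

# Sanitization alternative: reject anything that is not a plausible user name
# (hypothetical allowlist policy) before it reaches the query. Returns nil on
# rejection so callers can tell "bad input" apart from "no match".
USERNAME_PATTERN = /\A[a-z0-9_]{1,32}\z/

def find_user_validated(xml, name)
  return nil unless name.match?(USERNAME_PATTERN)
  find_user_safe(xml, name)
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe lookup with injected input: #{find_user_unsafe(USERS_XML, INJECTED_NAME).inspect}"
  puts "safe lookup with injected input:   #{find_user_safe(USERS_XML, INJECTED_NAME).inspect}"
end
```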
</example>
<references>
<li>
OWASP:
<a href="https://owasp.org/www-community/attacks/XPATH_Injection">XPath injection</a>.
</li>
</references>
</qhelp>