commonly-used-taint-config.sink.injection.spring-framework.spel-inejction.README.adoc
An easy-to-learn/use static analysis framework for Java
= Description
- **Overview**:
These APIs are Spring Framework methods that parse expression strings and generate the corresponding expression objects. SpEL (Spring Expression Language) is a more powerful expression language than JSP's EL, offering capabilities such as method calls and basic string templating.
- **Common Use Cases**:
These APIs are commonly used to parse expression strings and generate corresponding expression objects, which may later be evaluated within a specific context.
- **Security Risks**:
RCE (Remote Code Execution): If attackers can manipulate the input SpEL expressions without restrictions, evaluating the expression in the default context may lead to remote code execution vulnerabilities.
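The risk above, shown as the sink pattern next to a restricted evaluation. This is an added example, not code from this project or from Spring. The class names `SpelSinkDemo` and `Order` and the sample expressions are constructed for illustration, and it assumes `spring-expression` is on the classpath in a version that provides `SimpleEvaluationContext`.

```java
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;

public class SpelSinkDemo {
    // Hypothetical root object exposing only the data a caller may read.
    public static class Order {
        private final int quantity;
        public Order(int quantity) { this.quantity = quantity; }
        public int getQuantity() { return quantity; }
    }

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Risky pattern: the string reaches parseExpression() and is evaluated
    // without an explicit context, so SpEL falls back to its default context,
    // which resolves type references and method calls.
    static Object evaluateUnrestricted(String untrusted) {
        Expression expr = PARSER.parseExpression(untrusted); // taint sink
        return expr.getValue();
    }

    // Restricted pattern: read-only property access on a fixed root object.
    // Type references, constructors and bean references are not available.
    static Object evaluateRestricted(String untrusted, Order root) {
        EvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        return PARSER.parseExpression(untrusted).getValue(ctx, root);
    }

    public static void main(String[] args) {
        // Constructed, harmless expression that uses a type reference.
        String typeRef = "T(java.lang.Math).max(1, 2)";
        Order order = new Order(3);

        System.out.println("default context:    " + evaluateUnrestricted(typeRef));
        System.out.println("restricted, prop:   " + evaluateRestricted("quantity", order));
        try {
            evaluateRestricted(typeRef, order);
        } catch (SpelEvaluationException e) {
            // The restricted context refuses to resolve the type reference.
            System.out.println("restricted, T(...): rejected (" + e.getMessageCode() + ")");
        }
    }
}
```

A taint analysis flags the `parseExpression` argument because the later `getValue()` call may run in the default context. Switching to the restricted context limits what a hostile expression can reach, but the string should still be treated as untrusted.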