
We have a Grails/Groovy (right now version 1.3.7) based application with an Oracle 11g database. We have to make it OWASP compliant, so we are thinking of all possible security enhancements/plugins. The main issue is here: we have a create email template feature in our application where a user can create a new email template and save it. The user has to write code manually in this template page to create the template. (The implementation is done; we need to secure it!) The code consists of:

1) Groovy code
2) Grails tags
3) SQL select queries (we can restrict the user to read-only so that no Insert, Delete, etc. are available)
4) HTML tags

The template is used by the application, which compiles, executes and applies the template to emails before sending them out.

I know about the markup-sanitizer plugin and the HDIV API and am thinking about them, but how can I secure this feature more?

pri_dev

1 Answer


I guess this is a feature where you have to trust your users. From my point of view, you can't sanitize this kind of markup; there are too many ways to inject malicious code. (See the book "Writing Secure Code".)

When it comes to OWASP, you always have to analyze the threat: how likely is an attack and how much harm can be done. If only admins (which you trust) have access to this template engine, then I guess the risk is low.

Otherwise you have to create a template generator instead of free-form templates. But even this sounds, from your description, like a big effort, since you would need an SQL query builder and some kind of template builder.

So I guess you should try to redefine the requirement in such a way that a secure implementation is possible.

rdmueller