Add utility functions defining XSS-vulnerable content-types

This commit is contained in:
Chris Smowton
2021-06-25 14:49:46 +01:00
parent 450eebcd40
commit 10714211c6


@@ -150,3 +150,20 @@ class ServletWriterSource extends MethodAccess {
)
}
}
/**
* Holds if `s` is an HTTP Content-Type vulnerable to XSS.
*/
bindingset[s]
predicate isXssVulnerableContentType(string s) {
s.regexpMatch("(?i)text/(html|xml|xsl|rdf|vtt|cache-manifest).*") or
s.regexpMatch("(?i)application/(.*\\+)?xml.*") or
s.regexpMatch("(?i)cache-manifest.*") or
s.regexpMatch("(?i)image/svg\\+xml.*")
}
/**
* Holds if `s` is an HTTP Content-Type that is not vulnerable to XSS.
*/
bindingset[s]
predicate isXssSafeContentType(string s) { not isXssVulnerableContentType(s) }
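Review bot: `isXssSafeContentType` on the last line is the plain complement of a denylist, so any value the regexes do not recognise, including an empty string, is deemed safe, which is fail-open for a security predicate and should be stated in its doc comment, e.g. `Holds if s is an HTTP Content-Type that is not recognised as XSS-vulnerable by isXssVulnerableContentType; unknown or empty values therefore count as safe.` The bare `(?i)cache-manifest.*` alternative in `isXssVulnerableContentType` matches a value beginning with `cache-manifest` rather than the `text/cache-manifest` media type already covered by the `text/(...)` pattern; if a non-standard value seen in practice is intended, a one-line comment saying so would help, otherwise the alternative looks redundant. A short comment that `regexpMatch` must match the whole string and that the trailing `.*` exists to admit parameters such as a charset would also save the next reader from wondering why every pattern ends that way.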