XSS: expose extension point for defining barrier sinks

2025-12-24 04:36:35 +01:00 · 2021-06-25 14:40:18 +01:00
parent 10a6089739
commit 3e7ea34054
2 changed files with 8 additions and 0 deletions
--- a/java/ql/src/Security/CWE/CWE-079/XSS.ql
+++ b/java/ql/src/Security/CWE/CWE-079/XSS.ql
@@ -25,6 +25,8 @@ class XSSConfig extends TaintTracking::Configuration {

  override predicate isSanitizer(DataFlow::Node node) { node instanceof XssSanitizer }

+  override predicate isSanitizerOut(DataFlow::Node node) { node instanceof XssSinkBarrier }
+
  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
    any(XssAdditionalTaintStep s).step(node1, node2)
  }