hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Do not discard XSS sinks when non-content-type headers are local to the sendArgument expression

Browse Source
This commit is contained in:
Alvaro Muñoz
2022-10-13 17:50:43 +02:00
parent 744cea9baa
commit 41fea776e8
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll
View File

@@ -97,6 +97,7 @@ module ReflectedXss {
// There is no dominating header, and `header` is non-local.
not isLocalHeaderDefinition(header) and
not exists(Http::HeaderDefinition dominatingHeader |
dominatingHeader.getAHeaderName() = "content-type" and
dominatingHeader.getBasicBlock().(ReachableBasicBlock).dominates(sender.getBasicBlock())
)
)