JS: Port StoredXss

2026-03-05 15:16:47 +01:00 · 2023-10-04 21:31:50 +02:00
parent 46b90e51fc
commit 5f05232e02
4 changed files with 90 additions and 51 deletions
--- a/javascript/ql/src/Security/CWE-079/StoredXss.ql
+++ b/javascript/ql/src/Security/CWE-079/StoredXss.ql
@@ -14,9 +14,9 @@

 import javascript
 import semmle.javascript.security.dataflow.StoredXssQuery
-import DataFlow::PathGraph
+import StoredXssFlow::PathGraph

-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
+from StoredXssFlow::PathNode source, StoredXssFlow::PathNode sink
+where StoredXssFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "Stored cross-site scripting vulnerability due to $@.",
  source.getNode(), "stored value"