Java: Opt-in the XSS query to use threat model flow sources.

2026-03-04 14:46:48 +01:00 · 2023-10-04 10:48:09 +02:00
parent d258f69ab0
commit 5fd6dc3b87
1 changed files with 1 additions and 1 deletions
--- a/java/ql/lib/semmle/code/java/security/XssQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/XssQuery.qll
@@ -9,7 +9,7 @@ import semmle.code.java.security.XSS
 * A taint-tracking configuration for cross site scripting vulnerabilities.
 */
 module XssConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }

  predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }