Add Next.js router push as XSS sink

2026-05-02 12:15:17 +02:00 · 2023-04-08 18:18:34 +09:00
parent 5ee9711f03
commit 7f9b8557ac
4 changed files with 87 additions and 0 deletions
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
@@ -231,6 +231,8 @@ module ClientSideUrlRedirect {
    NextRoutePushUrlSink() {
      this = NextJS::nextRouter().getAMemberCall(["push", "replace"]).getArgument(0)
    }
+
+    override predicate isXssSink() { any() }
  }

  private class SinkFromModel extends Sink {