hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

[DIFF-INFORMED] Go: ReflectedXss

Browse Source 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-079/ReflectedXss.ql#L23
This commit is contained in:
Nora Dimitrijević
2025-07-16 11:26:12 +02:00
parent 4b473622bc
commit 8c8625d912
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
go/ql/lib/semmle/go/security/ReflectedXss.qll
View File

@@ -22,6 +22,14 @@ module ReflectedXss {
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
result = sink.getLocation()
or
result = sink.(SharedXss::Sink).getAssociatedLoc().getLocation()
}
}
/** Tracks taint flow from untrusted data to XSS attack vectors. */