Merge pull request #13745 from GeekMasher/py-mad-xss

Python - Add Models as Data support for Reflected XSS Query
2026-04-25 16:55:19 +02:00 · 2023-07-18 13:39:17 +02:00
parent 1deacf40ca 6ef55aa14f
commit a1aa16f901
2 changed files with 14 additions and 0 deletions
--- a/python/ql/lib/change-notes/2023-07-13-mad-xss.md
+++ b/python/ql/lib/change-notes/2023-07-13-mad-xss.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Add support for Models as Data for Reflected XSS query
--- a/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll
@@ -7,6 +7,7 @@
 private import python
 private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.Concepts
+private import semmle.python.frameworks.data.ModelsAsData
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.BarrierGuards

@@ -43,6 +44,15 @@ module ReflectedXss {
   */
  class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { }

+  /**
+   * A data flow sink for "reflected cross-site scripting" vulnerabilities.
+   */
+  private class SinkFromModel extends Sink {
+    SinkFromModel() {
+      this = ModelOutput::getASinkNode(["html-injection", "js-injection"]).asSink()
+    }
+  }
+
  /**
   * The body of a HTTP response that will be returned from a server, considered as a flow sink.
   */