Merge pull request #4172 from rvermeulen/java/xss-sink-extensible

Java: Customizable XSS analysis
2025-12-22 03:36:30 +01:00 · 2020-09-01 09:27:50 +02:00
parent 35494ab97c 2bdd3d7712
commit beca44ec2f
2 changed files with 35 additions and 6 deletions
--- a/java/ql/src/Security/CWE/CWE-079/XSS.ql
+++ b/java/ql/src/Security/CWE/CWE-079/XSS.ql
@@ -22,8 +22,10 @@ class XSSConfig extends TaintTracking::Configuration {

  override predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }

-  override predicate isSanitizer(DataFlow::Node node) {
-    node.getType() instanceof NumericType or node.getType() instanceof BooleanType
+  override predicate isSanitizer(DataFlow::Node node) { node instanceof XssSanitizer }
+
+  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+    any(XssAdditionalTaintStep s).step(node1, node2)
  }
 }