hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: add MaD to XSS query

Browse Source
This commit is contained in:
Mathew Payne
2023-07-14 12:25:54 +01:00
parent cafc67e3be
commit c292984338
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
python/ql/lib/semmle/python/security/dataflow/ReflectedXSSCustomizations.qll
View File

@@ -7,6 +7,7 @@
private import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.Concepts
private import semmle.python.frameworks.data.ModelsAsData
private import semmle.python.dataflow.new.RemoteFlowSources
private import semmle.python.dataflow.new.BarrierGuards
@@ -43,6 +44,13 @@ module ReflectedXss {
*/
class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { }
/**
* A data flow sink for "reflected cross-site scripting" vulnerabilities.
*/
private class DefaultReflectedXss extends Sink {
DefaultReflectedXss() { this = ModelOutput::getASourceNode(["html-injection", "js-injection"]).asSource() }
}
/**
* The body of a HTTP response that will be returned from a server, considered as a flow sink.
*/