Java: Deprecate the content of XssLocalQuery and remove the Xss local query variant.

2026-03-05 15:16:47 +01:00 · 2024-04-30 10:35:37 +02:00
parent 3a2b0a2feb
commit e0c2a43780
3 changed files with 4 additions and 28 deletions
--- a/java/ql/src/Security/CWE/CWE-079/XSSLocal.qhelp
+++ b/java/ql/src/Security/CWE/CWE-079/XSSLocal.qhelp
@@ -1,5 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-<include src="XSS.qhelp" /></qhelp>
--- a/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql
@@ -1,21 +0,0 @@
-/**
- * @name Cross-site scripting from local source
- * @description Writing user input directly to a web page
- *              allows for a cross-site scripting vulnerability.
- * @kind path-problem
- * @problem.severity recommendation
- * @security-severity 6.1
- * @precision medium
- * @id java/xss-local
- * @tags security
- *       external/cwe/cwe-079
- */
-
-import java
-import semmle.code.java.security.XssLocalQuery
-import XssLocalFlow::PathGraph
-
-from XssLocalFlow::PathNode source, XssLocalFlow::PathNode sink
-where XssLocalFlow::flowPath(source, sink)
-select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.",
-  source.getNode(), "user-provided value"