hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2139b9762864ab5d16a1c90d7cad438510eebdbc
codeql/rust/ql/src/queries/security/CWE-079/XSS.ql
Owen Mansel-Chan f58a6e5d3a Change @security-severity for XSS queries from 6.1 to 7.8
2026-03-13 10:01:02 +00:00

43 lines
1.2 KiB
Plaintext
Raw Blame History

/**
* @name Cross-site scripting
* @description Writing user input directly to a webpage
* allows for a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity error
* @security-severity 7.8
* @precision high
* @id rust/xss
* @tags security
* external/cwe/cwe-079
* external/cwe/cwe-116
*/
import rust
import codeql.rust.dataflow.DataFlow
import codeql.rust.dataflow.TaintTracking
import codeql.rust.security.XssExtensions
/**
* A taint configuration for tainted data that reaches an XSS sink.
*/
module XssConfig implements DataFlow::ConfigSig {
import Xss
predicate isSource(DataFlow::Node node) { node instanceof Source }
predicate isSink(DataFlow::Node node) { node instanceof Sink }
predicate isBarrier(DataFlow::Node barrier) { barrier instanceof Barrier }
predicate observeDiffInformedIncrementalMode() { any() }
}
module XssFlow = TaintTracking::Global<XssConfig>;
import XssFlow::PathGraph
from XssFlow::PathNode sourceNode, XssFlow::PathNode sinkNode
where XssFlow::flowPath(sourceNode, sinkNode)
select sinkNode.getNode(), sourceNode, sinkNode, "Cross-site scripting vulnerability due to a $@.",
sourceNode.getNode(), "user-provided value"
Reference in New Issue View Git Blame Copy Permalink