hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 21:03:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
bc8e61366b7f3dc4f16d2eafefdec8a04e3bcbe5
codeql/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql
Anders Schack-Mulligen 99c9524639 Java: Make XssSink extensible.
2020-08-11 13:09:27 +02:00

30 lines
972 B
Plaintext
Raw Blame History

/**
* @name Cross-site scripting from local source
* @description Writing user input directly to a web page
* allows for a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity recommendation
* @precision medium
* @id java/xss-local
* @tags security
* external/cwe/cwe-079
*/
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.XSS
import DataFlow::PathGraph
class XSSLocalConfig extends TaintTracking::Configuration {
XSSLocalConfig() { this = "XSSLocalConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
override predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
}
from DataFlow::PathNode source, DataFlow::PathNode sink, XSSLocalConfig conf
where conf.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.",
source.getNode(), "user-provided value"
Reference in New Issue View Git Blame Copy Permalink