hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
f42ed1e3ad4e18fadaca0f6daba9675bb993ef6d
codeql/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql
Erik Krogh Kristensen 69353bb014 patch upper-case acronyms to be PascalCase
2022-03-11 11:10:33 +01:00

31 lines
998 B
Plaintext
Raw Blame History

/**
* @name Cross-site scripting from local source
* @description Writing user input directly to a web page
* allows for a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity recommendation
* @security-severity 6.1
* @precision medium
* @id java/xss-local
* @tags security
* external/cwe/cwe-079
*/
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.XSS
import DataFlow::PathGraph
class XssLocalConfig extends TaintTracking::Configuration {
XssLocalConfig() { this = "XSSLocalConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
override predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
}
from DataFlow::PathNode source, DataFlow::PathNode sink, XssLocalConfig conf
where conf.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.",
source.getNode(), "user-provided value"
Reference in New Issue View Git Blame Copy Permalink