XSJSReflectedXss.ql
/**
* @name XSJS Reflected XSS
* @description Including an uncontrolled value in a response body and setting the response to
* a scriptable MIME type allows for a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity error
* @security-severity 7.8
* @precision medium
* @id js/xsjs-reflected-xss
* @tags security
*/
import javascript
import advanced_security.javascript.frameworks.xsjs.XSJSReflectedXssQuery
// Global taint tracking instantiated over `Configuration`. That name is not
// declared in this file, so it comes from the imports above; its sources and
// sinks are defined there, not here.
module ConfigurationFlow = TaintTracking::Global<Configuration>;

// A `@kind path-problem` query needs the path graph (the `edges` relation) in scope
// so that each alert can be rendered as a source-to-sink path.
import ConfigurationFlow::PathGraph

// Report every taint path found. The alert is placed on the sink, and the `$@`
// placeholder links back to the source, labelled "user-provided value".
from ConfigurationFlow::PathNode src, ConfigurationFlow::PathNode snk
where ConfigurationFlow::flowPath(src, snk)
select snk, src, snk, "Reflected XSS vulnerability due to $@.", src, "user-provided value"