github-actions[bot]
commented
2 years ago apache/cxf
| - | source | sink | - | - | - |
|---|---|---|---|---|---|
| buffer | getInputStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getInputStream(...) | user-provided value |
| buffer | getEntityStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getEntityStream(...) | user-provided value |
| buffer | getEntityStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getEntityStream(...) | user-provided value |
| buffer | getEntityStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getEntityStream(...) | user-provided value |
| buffer | getEntityStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getEntityStream(...) | user-provided value |
| buffer | getEntityStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getEntityStream(...) | user-provided value |
| buffer | getEntityStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getEntityStream(...) | user-provided value |
| buffer | is : InputStream | buffer | Cross-site scripting vulnerability due to $@. | is | user-provided value |
| buffer | is : InputStream | buffer | Cross-site scripting vulnerability due to $@. | is | user-provided value |
| buffer | is : InputStream | buffer | Cross-site scripting vulnerability due to $@. | is | user-provided value |
| buffer | is : InputStream | buffer | Cross-site scripting vulnerability due to $@. | is | user-provided value |
| buffer | is : InputStream | buffer | Cross-site scripting vulnerability due to $@. | is | user-provided value |
| buffer | is : InputStream | buffer | Cross-site scripting vulnerability due to $@. | is | user-provided value |
| completeAuthentication(...) | oidcContext : OidcClientTokenContext | completeAuthentication(...) | Cross-site scripting vulnerability due to $@. | oidcContext | user-provided value |
| build(...) | oidcContext : OidcClientTokenContext | build(...) | Cross-site scripting vulnerability due to $@. | oidcContext | user-provided value |
Query
Click to expand
```ql /** * @name Cross-site scripting * @description Writing user input directly to a web page * allows for a cross-site scripting vulnerability. * @kind path-problem * @problem.severity error * @security-severity 6.1 * @precision high * @id java/xss * @tags security * external/cwe/cwe-079 */ import java import semmle.code.java.dataflow.FlowSources import semmle.code.java.security.XSS import DataFlow::PathGraph class XSSConfig extends TaintTracking::Configuration { XSSConfig() { this = "XSSConfig" } override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } override predicate isSink(DataFlow::Node sink) { sink instanceof XssSink } override predicate isSanitizer(DataFlow::Node node) { node instanceof XssSanitizer } override predicate isSanitizerOut(DataFlow::Node node) { node instanceof XssSinkBarrier } override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { any(XssAdditionalTaintStep s).step(node1, node2) } } from DataFlow::PathNode source, DataFlow::PathNode sink, XSSConfig conf where conf.hasFlowPath(source, sink) select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.", source.getNode(), "user-provided value" ```Results