Open github-actions[bot] opened 2 years ago
- | source | sink | - | - | - |
---|---|---|---|---|---|
buffer | getInputStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getInputStream(...) | user-provided value |
buffer | getEntityStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getEntityStream(...) | user-provided value |
buffer | getEntityStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getEntityStream(...) | user-provided value |
buffer | getEntityStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getEntityStream(...) | user-provided value |
buffer | getEntityStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getEntityStream(...) | user-provided value |
buffer | getEntityStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getEntityStream(...) | user-provided value |
buffer | getEntityStream(...) : InputStream | buffer | Cross-site scripting vulnerability due to $@. | getEntityStream(...) | user-provided value |
buffer | is : InputStream | buffer | Cross-site scripting vulnerability due to $@. | is | user-provided value |
buffer | is : InputStream | buffer | Cross-site scripting vulnerability due to $@. | is | user-provided value |
buffer | is : InputStream | buffer | Cross-site scripting vulnerability due to $@. | is | user-provided value |
buffer | is : InputStream | buffer | Cross-site scripting vulnerability due to $@. | is | user-provided value |
buffer | is : InputStream | buffer | Cross-site scripting vulnerability due to $@. | is | user-provided value |
buffer | is : InputStream | buffer | Cross-site scripting vulnerability due to $@. | is | user-provided value |
completeAuthentication(...) | oidcContext : OidcClientTokenContext | completeAuthentication(...) | Cross-site scripting vulnerability due to $@. | oidcContext | user-provided value |
build(...) | oidcContext : OidcClientTokenContext | build(...) | Cross-site scripting vulnerability due to $@. | oidcContext | user-provided value |
- | source | sink | - | - | - |
---|---|---|---|---|---|
url | getRequestURL(...) : StringBuffer | url | Cross-site scripting vulnerability due to $@. | getRequestURL(...) | user-provided value |
url | getQueryString(...) : String | url | Cross-site scripting vulnerability due to $@. | getQueryString(...) | user-provided value |
path | getPathInfo(...) : String | path | Cross-site scripting vulnerability due to $@. | getPathInfo(...) | user-provided value |
- | source | sink | - | - | - |
---|---|---|---|---|---|
outputBuffer | getHeaderNames(...) : Enumeration | outputBuffer | Cross-site scripting vulnerability due to $@. | getHeaderNames(...) | user-provided value |
outputBuffer | getHeaders(...) : Enumeration | outputBuffer | Cross-site scripting vulnerability due to $@. | getHeaders(...) | user-provided value |
Query
Click to expand
```ql /** * @name Cross-site scripting * @description Writing user input directly to a web page * allows for a cross-site scripting vulnerability. * @kind path-problem * @problem.severity error * @security-severity 6.1 * @precision high * @id java/xss * @tags security * external/cwe/cwe-079 */ import java import semmle.code.java.dataflow.FlowSources import semmle.code.java.security.XSS import DataFlow::PathGraph class XSSConfig extends TaintTracking::Configuration { XSSConfig() { this = "XSSConfig" } override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } override predicate isSink(DataFlow::Node sink) { sink instanceof XssSink } override predicate isSanitizer(DataFlow::Node node) { node instanceof XssSanitizer } override predicate isSanitizerOut(DataFlow::Node node) { node instanceof XssSinkBarrier } override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { any(XssAdditionalTaintStep s).step(node1, node2) } } from DataFlow::PathNode source, DataFlow::PathNode sink, XSSConfig conf where conf.hasFlowPath(source, sink) select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to $@.", source.getNode(), "user-provided value" ```Results