зеркало из https://github.com/github/codeql.git
Merge pull request #13745 from GeekMasher/py-mad-xss
Python - Add Models as Data support for Reflected XSS Query
This commit is contained in:
Коммит
a1aa16f901
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Add support for Models as Data for Reflected XSS query
|
|
@ -7,6 +7,7 @@
|
|||
private import python
|
||||
private import semmle.python.dataflow.new.DataFlow
|
||||
private import semmle.python.Concepts
|
||||
private import semmle.python.frameworks.data.ModelsAsData
|
||||
private import semmle.python.dataflow.new.RemoteFlowSources
|
||||
private import semmle.python.dataflow.new.BarrierGuards
|
||||
|
||||
|
@ -43,6 +44,15 @@ module ReflectedXss {
|
|||
*/
|
||||
class RemoteFlowSourceAsSource extends Source, RemoteFlowSource { }
|
||||
|
||||
/**
|
||||
* A data flow sink for "reflected cross-site scripting" vulnerabilities.
|
||||
*/
|
||||
private class SinkFromModel extends Sink {
|
||||
SinkFromModel() {
|
||||
this = ModelOutput::getASinkNode(["html-injection", "js-injection"]).asSink()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* The body of a HTTP response that will be returned from a server, considered as a flow sink.
|
||||
*/
|
||||
|
|
Загрузка…
Ссылка в новой задаче