File tree Expand file tree Collapse file tree
csharp/ql/src/semmle/code/csharp Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -87,6 +87,7 @@ private module Frameworks {
8787 private import semmle.code.csharp.security.dataflow.flowsources.Local
8888 private import semmle.code.csharp.security.dataflow.flowsinks.Html
8989 private import semmle.code.csharp.dataflow.LibraryTypeDataFlow
90+ private import semmle.code.csharp.security.dataflow.XSS
9091}
9192
9293/**
Original file line number Diff line number Diff line change @@ -16,6 +16,7 @@ module XSS {
1616 import semmle.code.csharp.security.dataflow.flowsources.Remote
1717 private import semmle.code.csharp.dataflow.DataFlow2
1818 private import semmle.code.csharp.dataflow.TaintTracking2
19+ private import semmle.code.csharp.dataflow.ExternalFlow
1920
2021 /**
2122 * Holds if there is tainted flow from `source` to `sink` that may lead to a
@@ -119,6 +120,10 @@ module XSS {
119120 string explanation ( ) { none ( ) }
120121 }
121122
123+ private class ExternalXssSink extends Sink {
124+ ExternalXssSink ( ) { sinkNode ( this , "xss" ) }
125+ }
126+
122127 /**
123128 * A data flow source for cross-site scripting (XSS) vulnerabilities.
124129 */
@@ -406,12 +411,9 @@ module XSS {
406411 /**
407412 * An expression passed as the `content` argument to the constructor of `StringContent`.
408413 */
409- private class StringContent extends Sink {
410- StringContent ( ) {
411- this .getExpr ( ) =
412- any ( ObjectCreation oc |
413- oc .getTarget ( ) .getDeclaringType ( ) .hasQualifiedName ( "System.Net.Http" , "StringContent" )
414- ) .getArgumentForName ( "content" )
414+ private class StringContentSinkModelCsv extends SinkModelCsv {
415+ override predicate row ( string row ) {
416+ row = [ "System.Net.Http;StringContent;false;StringContent;;;Argument[0];xss" ]
415417 }
416418 }
417419}
You can’t perform that action at this time.
0 commit comments