File tree Expand file tree Collapse file tree
semmle/code/java/security Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -25,6 +25,8 @@ class XSSConfig extends TaintTracking::Configuration {
2525
2626 override predicate isSanitizer ( DataFlow:: Node node ) { node instanceof XssSanitizer }
2727
28+ override predicate isSanitizerOut ( DataFlow:: Node node ) { node instanceof XssSinkBarrier }
29+
2830 override predicate isAdditionalTaintStep ( DataFlow:: Node node1 , DataFlow:: Node node2 ) {
2931 any ( XssAdditionalTaintStep s ) .step ( node1 , node2 )
3032 }
Original file line number Diff line number Diff line change @@ -15,6 +15,12 @@ abstract class XssSink extends DataFlow::Node { }
1515/** A sanitizer that neutralizes dangerous characters that can be used to perform a XSS attack. */
1616abstract class XssSanitizer extends DataFlow:: Node { }
1717
18+ /**
19+ * A sink that represent a method that outputs data without applying contextual output encoding,
20+ * and which should truncate flow paths such that downstream sinks are not flagged as well.
21+ */
22+ abstract class XssSinkBarrier extends XssSink { }
23+
1824/**
1925 * A unit class for adding additional taint steps.
2026 *
You can’t perform that action at this time.
0 commit comments