ajinabraham.njsscan.xml.xpathi_node.node_xpath_injection
ajinabrahamAuthor
unknown
Download Count*
License
User controlled data in xpath.parse() can result in XPATH injection vulnerability.
Run Locally
Run in CI
Defintion
rules:
- id: node_xpath_injection
patterns:
- pattern-either:
- pattern-inside: function ($REQ, $RES, ...) {...}
- pattern-inside: function $FUNC($REQ, $RES, ...) {...}
- pattern-inside: $X = function $FUNC($REQ, $RES, ...) {...}
- pattern-inside: var $X = function $FUNC($REQ, $RES, ...) {...};
- pattern-inside: $APP.$METHOD(..., function $FUNC($REQ, $RES, ...) {...})
- pattern-either:
- pattern: |
$XPATH.parse(<... "=~/^[\/\/].+/" + $REQ.$QUERY.$VAR ...>, ...)
- pattern: |
$XPATH.parse(<... "=~/^[\/\/].+/" + $REQ.$PARAM ...>, ...)
- pattern: |
$XPATH.parse(<... "=~/^[\/\/].+/" + $REQ.$PARAM["..."] ...>, ...)
- pattern: |
$XPATH.parse(<... "=~/^[\/\/].+/" + $REQ.$PARAM("...") ...>, ...)
- pattern: |
$XPATH.parse(<... "=~/^[\/\/].+/" + $REQ["..."] ...>, ...)
- pattern: |
$XPATH.parse(<... "=~/^[\/\/].+/" + $REQ("...") ...>, ...)
- pattern: |
$INP = <... $REQ.$QUERY.$VAR ...>;
...
$XPATH.parse(<... "=~/^[\/\/].+/" + $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$PARAM ...>;
...
$XPATH.parse(<... "=~/^[\/\/].+/" + $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$PARAM["..."] ...>;
...
$XPATH.parse(<... "=~/^[\/\/].+/" + $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$PARAM("...") ...>;
...
$XPATH.parse(<... "=~/^[\/\/].+/" + $INP ...>, ...)
- pattern: |
$INP = <... $REQ["..."] ...>;
...
$XPATH.parse(<... "=~/^[\/\/].+/" + $INP ...>, ...)
- pattern: |
$INP = <... $REQ("...") ...>;
...
$XPATH.parse(<... "=~/^[\/\/].+/" + $INP ...>, ...)
message: User controlled data in xpath.parse() can result in XPATH injection
vulnerability.
languages:
- javascript
severity: ERROR
metadata:
owasp-web: a1
cwe: cwe-643
license: LGPL-3.0-or-later
vulnerability_class:
- Other
Short Link: https://sg.run/5zOA