ajinabraham.njsscan.xss.xss_node.express_xss
ajinabrahamAuthor
unknown
Download Count*
License
Untrusted User Input in Response will result in Reflected Cross Site Scripting Vulnerability.
Run Locally
Run in CI
Defintion
rules:
- id: express_xss
patterns:
- pattern-either:
- pattern-inside: function ($REQ, $RES, ...) {...}
- pattern-inside: function $FUNC($REQ, $RES, ...) {...}
- pattern-inside: $X = function $FUNC($REQ, $RES, ...) {...}
- pattern-inside: var $X = function $FUNC($REQ, $RES, ...) {...};
- pattern-inside: $APP.$METHOD(..., function $FUNC($REQ, $RES, ...) {...})
- pattern-either:
- pattern: |
$RES.write(..., <... $REQ.$QUERY ...>, ...)
- pattern: |
$RES.write(..., <... $REQ.$QUERY.$FOO ...>, ...)
- pattern: |
$RES.send(..., <... $REQ.$QUERY ...>, ...)
- pattern: |
$RES.send(..., <... $REQ.$QUERY.$FOO ...>, ...)
- pattern: |
$LOCALVAR = <... $REQ.$QUERY ...>;
...
$RES.write(..., <... $LOCALVAR ...>, ...)
- pattern: |
$LOCALVAR = <... $REQ.$QUERY.$FOO ...>;
...
$RES.write(..., <... $LOCALVAR ...>, ...)
- pattern: |
$LOCALVAR = <... $REQ.$QUERY.$VAR ...>;
...
$RES.send(..., <... $LOCALVAR ...>, ...)
- pattern: |
$LOCALVAR = <... $REQ.$QUERY ...>;
...
$RES.send(..., <... $LOCALVAR ...>, ...)
- pattern: |
var {$LOCALVAR} = <... $REQ.$QUERY.$FOO ...>;
...
$RES.write(..., <... $LOCALVAR ...>, ...)
- pattern: |
var {$LOCALVAR} = <... $REQ.$QUERY.$VAR ...>;
...
$RES.send(..., <... $LOCALVAR ...>, ...)
- pattern: |
var {$LOCALVAR} = <... $REQ.$QUERY ...>;
...
$RES.send(..., <... $LOCALVAR ...>, ...)
- pattern: |
$LOCALVAR = {$KEY: <... $REQ.$QUERY ...>};
...
$RES.write(..., <... $LOCALVAR ...>, ...)
- pattern: |
$LOCALVAR = {$KEY: <... $REQ.$QUERY.$FOO ...>};
...
$RES.write(..., <... $LOCALVAR ...>, ...)
- pattern: |
$LOCALVAR = {$KEY: <... $REQ.$QUERY.$VAR ...>};
...
$RES.send(..., <... $LOCALVAR ...>, ...)
- pattern: |
$LOCALVAR = {$KEY: <... $REQ.$QUERY ...>};
...
$RES.send(..., <... $LOCALVAR ...>, ...)
- pattern: |
$LOCALVAR.push(<... $REQ.$QUERY ...>)
...
$RES.write(..., <... $LOCALVAR ...>, ...)
- pattern: |
$LOCALVAR.push(<... $REQ.$QUERY.$FOO ...>)
...
$RES.write(..., <... $LOCALVAR ...>, ...)
- pattern: |
$LOCALVAR.push(<... $REQ.$QUERY.$VAR ...>)
...
$RES.send(..., <... $LOCALVAR ...>, ...)
- pattern: |
$LOCALVAR.push(<... $REQ.$QUERY ...>)
...
$RES.send(..., <... $LOCALVAR ...>, ...)
- pattern: |
$LOCALVAR = <... $REQ.$QUERY ...>;
...
$ARR.push(<... $LOCALVAR ...>)
...
$RES.write(..., <... $ARR ...>, ...)
- pattern: |
$LOCALVAR = <... $REQ.$QUERY.$FOO ...>;
...
$ARR.push(<... $LOCALVAR ...>)
...
$RES.write(..., <... $ARR ...>, ...)
- pattern: |
$LOCALVAR = <... $REQ.$QUERY.$VAR ...>;
...
$ARR.push(<... $LOCALVAR ...>)
...
$RES.send(..., <... $ARR ...>, ...)
- pattern: |
$LOCALVAR = <... $REQ.$QUERY ...>;
...
$ARR.push(<... $LOCALVAR ...>)
...
$RES.send(..., <... $ARR ...>, ...)
- pattern: |
$LOCALVAR = <... $REQ.$QUERY ...>;
...
$OUT = <... $LOCALVAR ...>;
...
$RES.write(..., <... $OUT ...>, ...)
- pattern: |
$LOCALVAR = <... $REQ.$QUERY.$FOO ...>;
...
$OUT = <... $LOCALVAR ...>;
...
$RES.write(..., <... $OUT ...>, ...)
- pattern: |
$LOCALVAR = <... $REQ.$QUERY.$VAR ...>;
...
$OUT = <... $LOCALVAR ...>;
...
$RES.send(..., <... $OUT ...>, ...)
- pattern: |
$LOCALVAR = <... $REQ.$QUERY ...>;
...
$OUT = <... $LOCALVAR ...>;
...
$RES.send(..., <... $OUT ...>, ...)
message: Untrusted User Input in Response will result in Reflected Cross Site
Scripting Vulnerability.
languages:
- javascript
severity: ERROR
metadata:
owasp-web: a1
cwe: cwe-79
license: LGPL-3.0-or-later
vulnerability_class:
- Other
Short Link: https://sg.run/WxE4