ajinabraham.njsscan.xxe_node.node_xxe
ajinabrahamAuthor
1,129
Download Count*
License
User controlled data in XML parsers can result in XML External or Internal Entity (XXE) Processing vulnerabilities
Run Locally
Run in CI
Defintion
rules:
- id: node_xxe
patterns:
- pattern-either:
- pattern-inside: function ($REQ, $RES, ...) {...}
- pattern-inside: function $FUNC($REQ, $RES, ...) {...}
- pattern-inside: $X = function $FUNC($REQ, $RES, ...) {...}
- pattern-inside: var $X = function $FUNC($REQ, $RES, ...) {...};
- pattern-inside: $APP.$METHOD(..., function $FUNC($REQ, $RES, ...) {...})
- pattern-either:
- pattern: |
$LIBXML.parseXmlString(..., <... $REQ.$QUERY.$VAR.$FILE ...>, ...)
- pattern: |
$LIBXML.parseXmlString(..., <... $REQ.$QUERY.$VAR ...>, ...)
- pattern: |
$LIBXML.parseXmlString(..., <... $REQ.$QUERY ...>, ...)
- pattern: >
$FOO = <... $REQ.$QUERY.$VAR.$FILE ...>; ...
$LIBXML.parseXmlString(..., <... $FOO ...>, ...)
- pattern: >
$FOO = <... $REQ.$QUERY.$VAR ...>; ... $LIBXML.parseXmlString(...,
<... $FOO ...>, ...)
- pattern: >
$FOO = <... $REQ.$QUERY ...>; ... $LIBXML.parseXmlString(..., <...
$FOO ...>, ...)
- pattern: |
$LIBXML.parseXml(..., <... $REQ.$QUERY.$VAR.$FILE ...>, ...)
- pattern: |
$LIBXML.parseXml(..., <... $REQ.$QUERY.$VAR ...>, ...)
- pattern: |
$LIBXML.parseXml(..., <... $REQ.$QUERY ...>, ...)
- pattern: >
$FOO = <... $REQ.$QUERY.$VAR.$FILE ...>; ... $LIBXML.parseXml(...,
<... $FOO ...>, ...)
- pattern: >
$FOO = <... $REQ.$QUERY.$VAR ...>; ... $LIBXML.parseXml(..., <...
$FOO ...>, ...)
- pattern: |
$FOO = <... $REQ.$QUERY ...>;
...
$LIBXML.parseXml(..., <... $FOO ...>, ...)
- pattern: |
$PARSER = new libxmljs.SaxParser()
...
$PARSER.parseString(..., <... $REQ.$QUERY ...>, ...)
- pattern: |
$PARSER = new libxmljs.SaxParser()
...
$PARSER.parseString(..., <... $REQ.$QUERY.$BAR ...>, ...)
- pattern: |
$PARSER = new libxmljs.SaxParser()
...
$PARSER.parseString(..., <... $REQ.$QUERY.$BAR.$FILE ...>, ...)
- pattern: |
$PARSER = new libxmljs.SaxPushParser()
...
$PARSER.push(..., <... $REQ.$QUERY ...>, ...)
- pattern: |
$PARSER = new libxmljs.SaxPushParser()
...
$PARSER.push(..., <... $REQ.$QUERY.$FOO ...> , ...)
- pattern: |
$PARSER = new libxmljs.SaxPushParser()
...
$PARSER.push(..., <... $REQ.$QUERY.$FOO.$FILE ...> , ...)
- pattern: |
$PARSER = new libxmljs.SaxParser()
...
$FOO = <... $REQ.$QUERY ...>;
...
$PARSER.parseString(..., <... $FOO ...>, ...)
- pattern: |
$PARSER = new libxmljs.SaxParser()
...
$FOO = <... $REQ.$QUERY.$BAR ...>;
...
$PARSER.parseString(..., <... $FOO ...>, ...)
- pattern: |
$PARSER = new libxmljs.SaxParser()
...
$FOO = <... $REQ.$QUERY.$BAR.$FILE ...>;
...
$PARSER.parseString(..., <... $FOO ...>, ...)
- pattern: |
$PARSER = new libxmljs.SaxPushParser()
...
$FOO = <... $REQ.$QUERY ...>;
...
$PARSER.push(..., <... $FOO ...>, ...)
- pattern: |
$PARSER = new libxmljs.SaxPushParser()
...
$FOO = <... $REQ.$QUERY.$BAR ...>;
...
$PARSER.push(..., <... $FOO ...> , ...)
- pattern: |
$PARSER = new libxmljs.SaxPushParser()
...
$FOO = <... $REQ.$QUERY.$BAR.$FILE ...>;
...
$PARSER.push(..., <... $FOO ...> , ...)
message: User controlled data in XML parsers can result in XML External or
Internal Entity (XXE) Processing vulnerabilities
languages:
- javascript
severity: ERROR
metadata:
owasp-web: a4
cwe: cwe-611
license: LGPL-3.0-or-later
Short Link: https://sg.run/2xQj