/
xssrequestwrapper-is-insecure.yaml
39 lines (39 loc) · 1.23 KB
/
xssrequestwrapper-is-insecure.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
rules:
- id: xssrequestwrapper-is-insecure
metadata:
owasp:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
cwe:
- "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
source-rule-url: https://find-sec-bugs.github.io/bugs.htm#XSS_REQUEST_WRAPPER
category: security
technology:
- java
references:
- https://owasp.org/Top10/A03_2021-Injection
cwe2022-top25: true
cwe2021-top25: true
subcategory:
- audit
likelihood: LOW
impact: MEDIUM
confidence: LOW
message: >-
It looks like you're using an implementation of XSSRequestWrapper from dzone.
(https://www.javacodegeeks.com/2012/07/anti-cross-site-scripting-xss-filter.html)
The XSS filtering in this code is not secure and can be bypassed by malicious
actors.
It is recommended to use a stack that automatically escapes in your view or templates
instead of filtering yourself.
severity: WARNING
languages:
- java
pattern-either:
- pattern: |
class XSSRequestWrapper extends HttpServletRequestWrapper {
...
}
- pattern: |-
$P = $X.compile("</script>", $X.CASE_INSENSITIVE);
$V = $P.matcher(...).replaceAll("");