/
unsanitized-input.yaml
46 lines (46 loc) · 1.45 KB
/
unsanitized-input.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
rules:
- id: response-contains-unsanitized-input
message: >-
Flask response reflects unsanitized user input. This could lead to a
cross-site scripting vulnerability (https://owasp.org/www-community/attacks/xss/)
in which an attacker causes arbitrary code to be executed in the user's browser.
To prevent, please sanitize the user input, e.g. by rendering the response
in a Jinja2 template (see considerations in https://flask.palletsprojects.com/en/1.0.x/security/).
metadata:
cwe:
- "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
owasp:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
references:
- https://flask.palletsprojects.com/en/1.0.x/security/
- https://owasp.org/www-community/attacks/xss/
category: security
technology:
- flask
cwe2022-top25: true
cwe2021-top25: true
subcategory:
- audit
likelihood: LOW
impact: MEDIUM
confidence: LOW
languages: [python]
severity: WARNING
pattern-either:
- pattern: |
$X = flask.request.args.get(...)
...
flask.make_response("...".format($X))
- pattern: |
$X = flask.request.args.get(...)
...
flask.make_response(f"...{$X}...")
- pattern: |
$X = flask.request.args.get(...)
...
flask.make_response(f"...{$X}")
- pattern: |
$X = flask.request.args.get(...)
...
flask.make_response(f"{$X}...")