A comprehensive Spring Boot demonstration application designed to test and compare static analysis tools' capabilities in detecting XSS (Cross-Site Scripting) vulnerabilities across different complexity levels.
The application exposes five endpoints, each reflecting a request parameter into an HTML response through a progressively harder-to-track data flow:
- Direct user input return
- Local variable assignment
- Inter-procedural flow
- Constructor chains and field sensitivity
- Builder pattern and virtual method calls
The project ships its Semgrep rules in xss.yaml:
- pattern-concat.xss: Detects string concatenation with user parameters in controller methods without proper escaping
- pattern.xss: Identifies direct return of user parameters from controller methods without sanitization
- taint.xss: Performs taint analysis tracking data flow from controller parameters to return statements, recognizing `HtmlUtils.htmlEscape()` as a sanitizer
The two pattern rules are purely syntactic and are expected to match only the simpler levels; the inter-procedural, constructor and builder levels exercise the taint rule, and whether it reaches across methods depends on the engine's interprocedural support (Semgrep's open-source engine tracks taint within a single function, so cross-method results will differ between engines and tools).
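The following is an added illustration, not the project's own source, of what the five levels listed above look like as Spring Boot controller code, together with the `HtmlUtils.htmlEscape()` control case that the taint rule treats as a sanitizer. Package, class and endpoint names (`com.example.xssdemo`, `XssDemoApplication`, `/direct`, `/local`, `/interproc`, `/field`, `/builder`, `/safe`) and the `Profile`, `Renderable` and `HtmlPage` types are assumptions chosen for this example. Every endpoint except `/safe` is deliberately vulnerable.

```java
package com.example.xssdemo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.util.HtmlUtils;

// Illustrative app (not the project's own code) reproducing the five taint-flow
// shapes plus the sanitized control case. All names below are assumptions.
@SpringBootApplication
public class XssDemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(XssDemoApplication.class, args);
    }

    // produces = "text/html" matters: a String from a @RestController is served as
    // text/plain by default, and a browser would not execute markup in it.
    @RestController
    static class XssController {

        // Level 1: the tainted parameter is returned as-is.
        @GetMapping(value = "/direct", produces = "text/html")
        public String direct(@RequestParam String name) {
            return name;
        }

        // Level 2: taint passes through concatenation into a local variable.
        @GetMapping(value = "/local", produces = "text/html")
        public String local(@RequestParam String name) {
            String greeting = "<p>Hello " + name + "</p>";
            return greeting;
        }

        // Level 3: taint crosses a method boundary.
        @GetMapping(value = "/interproc", produces = "text/html")
        public String interproc(@RequestParam String name) {
            return wrap(name);
        }

        private String wrap(String body) {
            return "<div>" + body + "</div>";
        }

        // Level 4: taint enters a constructor and lands in one field only; a
        // field-sensitive tool flags displayName but not the constant label.
        @GetMapping(value = "/field", produces = "text/html")
        public String field(@RequestParam String name) {
            Profile p = new Profile(name);
            return "<span>" + p.getLabel() + ": " + p.getDisplayName() + "</span>";
        }

        // Level 5: taint flows through a builder and out via a virtual call on an
        // interface type, so the tool must resolve render() to HtmlPage.render().
        @GetMapping(value = "/builder", produces = "text/html")
        public String builder(@RequestParam String name) {
            Renderable page = HtmlPage.builder().title(name).build();
            return page.render();
        }

        // Control case: the escape breaks the flow, so taint.xss should stay silent.
        @GetMapping(value = "/safe", produces = "text/html")
        public String safe(@RequestParam String name) {
            return "<p>Hello " + HtmlUtils.htmlEscape(name) + "</p>";
        }
    }

    static final class Profile {
        private final String displayName;     // tainted via the constructor
        private final String label = "user";  // constant, never tainted

        Profile(String displayName) { this.displayName = displayName; }
        String getDisplayName() { return displayName; }
        String getLabel() { return label; }
    }

    interface Renderable {
        String render();
    }

    static final class HtmlPage implements Renderable {
        private final String title;

        private HtmlPage(Builder b) { this.title = b.title; }
        static Builder builder() { return new Builder(); }

        @Override
        public String render() { return "<h1>" + title + "</h1>"; }

        static final class Builder {
            private String title = "";
            Builder title(String title) { this.title = title; return this; }
            HtmlPage build() { return new HtmlPage(this); }
        }
    }
}
```

To confirm an endpoint really reflects markup, request it with a probe such as `curl 'http://localhost:8080/builder?name=<script>alert(1)</script>'` and check that the response body contains the tag unescaped and the `Content-Type` header is `text/html`; then run `semgrep --config xss.yaml .` and compare which of the six methods each rule reports, expecting a hit on the five vulnerable ones and none on `safe`.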