docs: update inline references and improve XSS detection in Java servlet writers, refactor matchers for clarity and extend sanitizer support
This commit is contained in:
parent
c2cd6f009e
commit
eb4332edb5
56 changed files with 339 additions and 144 deletions
|
|
@ -9,15 +9,7 @@
|
|||
"must_match": true,
|
||||
"line_range": [5, 12],
|
||||
"evidence_contains": [],
|
||||
"notes": "catch(Exception e) binds e as tainted; e flows to println sink via catch parameter"
|
||||
},
|
||||
{
|
||||
"rule_id": "java.xss.getwriter_print",
|
||||
"severity": "MEDIUM",
|
||||
"must_match": true,
|
||||
"line_range": [10, 10],
|
||||
"evidence_contains": [],
|
||||
"notes": "response.getWriter().println() in catch block — AST pattern detects potential XSS via error response"
|
||||
"notes": "catch(Exception e) binds e as tainted; e flows to response.getWriter().println at line 10 — reflected XSS via error response. Replaces the retired java.xss.getwriter_print AST pattern: reflected XSS is now a taint sink (Sink(Cap::HTML_ESCAPE)), so this is taint-confirmed rather than flagged on every writer call."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,21 +19,13 @@
|
|||
"evidence_contains": [],
|
||||
"notes": "AST pattern detects executeQuery with string concatenation — SQL injection"
|
||||
},
|
||||
{
|
||||
"rule_id": "java.xss.getwriter_print",
|
||||
"severity": "MEDIUM",
|
||||
"must_match": true,
|
||||
"line_range": [12, 12],
|
||||
"evidence_contains": [],
|
||||
"notes": "response.getWriter().println() with user input — reflected XSS via error response"
|
||||
},
|
||||
{
|
||||
"rule_id": "taint-unsanitised-flow",
|
||||
"severity": "HIGH",
|
||||
"must_match": true,
|
||||
"line_range": [7, 12],
|
||||
"evidence_contains": [],
|
||||
"notes": "request.getParameter flows to response.getWriter().println — user input reflected in error response"
|
||||
"notes": "request.getParameter flows to response.getWriter().println at line 12 — user input reflected in error response. Replaces the retired java.xss.getwriter_print AST pattern: reflected XSS is now a taint sink (Sink(Cap::HTML_ESCAPE)), taint-confirmed rather than flagged on every writer call."
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
|||