Skip to content

Commit

Permalink
added new problem type
Browse files Browse the repository at this point in the history
  • Loading branch information
@normanwenzel
normanwenzel committed Aug 5, 2021
1 parent 337c5e5 commit c5d0755
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/main/java/com/rigsit/xanitizer/sqplugin/metrics/GeneratedProblemType.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,7 @@ public enum GeneratedProblemType {

XANITIZER_PROBLEM_TYPE_89("com.rigsit.xanitizer.plugins.languages.js.JavaScriptLanguagePlugin/jsTaint/ClientSideXSS", "XSS: Client-Side XSS", "Data flow of tainted data in client from some taint source to some XSS taint sink.", "Break the flow of the tainted data at some location.", 79, 7, 4, "js"),

XANITIZER_PROBLEM_TYPE_90("com.rigsit.xanitizer.plugins.languages.js.JavaScriptLanguagePlugin/jsTaint/ClientSideXSSSink", "XSS: Client-Side XSS Sink", "If tainted data reaches this spot, cross-site scripting might be possible.", "Inspect the code carefully, checking that no harmful command can be injected here.", 79, 7, 4, "js"),
XANITIZER_PROBLEM_TYPE_90("com.rigsit.xanitizer.plugins.languages.js.JavaScriptLanguagePlugin/jsTaint/ClientSideXSSSink", "XSS: Client-Side XSS Sink", "If tainted data reaches this spot, cross-site scripting might be possible.", "Inspect the code carefully, checking that no harmful data can be injected here.", 79, 7, 4, "js"),

XANITIZER_PROBLEM_TYPE_116("com.rigsit.xanitizer.plugins.languages.js.JavaScriptLanguagePlugin/jsTaint/ClientSideURLRedirection", "Phishing: Client-Side URL Redirection", "Data flow of tainted data in client from some taint source to some spot where it might lead to navigation to an untrusted site.", "Break the flow of the tainted data at some location.", 601, -1, 22, "js"),

Expand Down Expand Up @@ -249,6 +249,8 @@ public enum GeneratedProblemType {

XANITIZER_PROBLEM_TYPE_117("com.rigsit.xanitizer.plugins.languages.js.JavaScriptLanguagePlugin/jsTaint/EvalInjection", "Eval Injection", "Tainted data reaches a location where it is executed as code.", "Do not execute tainted data.", 95, -1, -1, "js"),

XANITIZER_PROBLEM_TYPE_118("com.rigsit.xanitizer.plugins.languages.js.JavaScriptLanguagePlugin/jsTaint/SessionHijacking", "Danger of Session Hijacking", "A 'session' cookie is not 'httpOnly'.", "For session cookies, 'httpOnly' should be false.", 287, 2, -1, "js"),

;

private final String id;
Expand Down

0 comments on commit c5d0755

Please sign in to comment.