mcp-server-semgrep
MCP Server for Semgrep Integration - static code analysis with AI
rules:
  - id: tainted-html-string
    languages:
      - python
    severity: WARNING
    message: >-
      Detected user input flowing into a manually constructed HTML string. You may be accidentally bypassing
      secure methods of rendering HTML by manually constructing HTML and this could create a cross-site
      scripting vulnerability, which could let attackers steal sensitive user data. To be sure this is safe,
      check that the HTML is rendered safely. Otherwise, use templates which will safely render HTML instead.
    metadata:
      cwe:
        - "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
      owasp:
        - A07:2017 - Cross-Site Scripting (XSS)
        - A03:2021 - Injection
      category: security
      technology:
        - aws-lambda
      references:
        - https://owasp.org/Top10/A03_2021-Injection
      cwe2022-top25: true
      cwe2021-top25: true
      subcategory:
        - vuln
      likelihood: HIGH
      impact: MEDIUM
      confidence: MEDIUM
    mode: taint
    pattern-sources:
      - patterns:
          - pattern: event
          - pattern-inside: |
              def $HANDLER(event, context):
                ...
    pattern-sinks:
      - patterns:
          - pattern-either:
              - patterns:
                  - pattern-either:
                      - pattern: '"$HTMLSTR" % ...'
                      - pattern: '"$HTMLSTR".format(...)'
                      - pattern: '"$HTMLSTR" + ...'
                      - pattern: f"$HTMLSTR{...}..."
              - patterns:
                  - pattern-inside: |
                      $HTML = "$HTMLSTR"
                      ...
                  - pattern-either:
                      - pattern: $HTML % ...
                      - pattern: $HTML.format(...)
                      - pattern: $HTML + ...
          - metavariable-pattern:
              metavariable: $HTMLSTR
              language: generic
              pattern: <$TAG ...
          - pattern-not-inside: |
              print(...)
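A constructed Semgrep test file for this rule, added here as an example; it is not taken from the rule's own tests or from the mcp-server-semgrep project, and the handler names and event shape are assumptions. Following Semgrep's test convention, each `# ruleid:` / `# ok:` comment marks the next line as one the rule must or must not report, so placing this file beside the rule and running `semgrep --test` checks the source, both sink branches, the absence of sanitizers, and the JSON alternative the rule does not flag.

```python
# Constructed Semgrep test file for the tainted-html-string rule (not part of
# the rule's own tests or of mcp-server-semgrep). Handler names and the event
# shape are assumptions. "# ruleid:" marks a line the rule must report, "# ok:"
# one it must not; with this file beside the rule, `semgrep --test` checks both.
import html
import json

HTML_HEADERS = {"Content-Type": "text/html"}
JSON_HEADERS = {"Content-Type": "application/json"}

# Constructed sample event carrying a classic markup probe as the "name" value.
SAMPLE_EVENT = {"name": "<script>alert(1)</script>"}


def handler_fstring(event, context):
    # `event` is the taint source and the f-string whose literal part starts
    # with an HTML tag is a sink, so the untrusted name lands in the page raw.
    # ruleid: tainted-html-string
    body = f"<h1>Hello {event['name']}</h1>"
    return {"statusCode": 200, "headers": HTML_HEADERS, "body": body}


def handler_concat(event, context):
    # Matched by the second sink branch: an HTML literal assigned to a
    # variable ($HTML = "$HTMLSTR") that is later concatenated with taint.
    page = "<p>Welcome back, "
    # ruleid: tainted-html-string
    body = page + event["name"] + "</p>"
    return {"statusCode": 200, "headers": HTML_HEADERS, "body": body}


def handler_escaped(event, context):
    # html.escape() neutralises the tags, but the rule declares no
    # pattern-sanitizers, so the escaped value stays tainted and the line is
    # still reported; it has to be triaged by hand.
    # ruleid: tainted-html-string
    body = f"<h1>Hello {html.escape(event['name'])}</h1>"
    return {"statusCode": 200, "headers": HTML_HEADERS, "body": body}


def handler_json(event, context):
    # No HTML literal is assembled: the f-string does not start with "<$TAG",
    # so the metavariable-pattern rejects the sink, and a JSON body served as
    # application/json is not interpreted as markup by the browser.
    # ok: tainted-html-string
    body = json.dumps({"greeting": f"Hello {event['name']}"})
    return {"statusCode": 200, "headers": JSON_HEADERS, "body": body}
```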