mcp-server-semgrep

rules: - id: reflected-data-httpresponsebadrequest message: Found user-controlled request data passed into a HttpResponseBadRequest. This could be vulnerable to XSS, leading to attackers gaining access to user cookies and protected information. Ensure that the request data is properly escaped or sanitzed. metadata: cwe: - "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" owasp: - A07:2017 - Cross-Site Scripting (XSS) - A03:2021 - Injection references: - https://django-book.readthedocs.io/en/latest/chapter20.html#cross-site-scripting-xss category: security technology: - django cwe2022-top25: true cwe2021-top25: true subcategory: - vuln likelihood: LOW impact: MEDIUM confidence: MEDIUM languages: [python] severity: WARNING patterns: - pattern-inside: | def $FUNC(...): ... - pattern-either: - pattern: django.http.HttpResponseBadRequest(..., $S.format(..., request.$W.get(...), ...), ...) - pattern: django.http.HttpResponseBadRequest(..., $S % request.$W.get(...), ...) - pattern: django.http.HttpResponseBadRequest(..., f"...{request.$W.get(...)}...", ...) - pattern: django.http.HttpResponseBadRequest(..., request.$W.get(...), ...) - pattern: | $DATA = request.$W.get(...) ... django.http.HttpResponseBadRequest(..., $DATA, ...) - pattern: | $DATA = request.$W.get(...) ... $INTERM = $DATA ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W.get(...) ... django.http.HttpResponseBadRequest(..., $STR.format(..., $DATA, ...), ...) - pattern: | $DATA = request.$W.get(...) ... $INTERM = $STR.format(..., $DATA, ...) ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W.get(...) ... django.http.HttpResponseBadRequest(..., $STR % $DATA, ...) - pattern: | $DATA = request.$W.get(...) ... $INTERM = $STR % $DATA ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W.get(...) ... django.http.HttpResponseBadRequest(..., f"...{$DATA}...", ...) - pattern: | $DATA = request.$W.get(...) ... $INTERM = f"...{$DATA}..." ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W.get(...) ... django.http.HttpResponseBadRequest(..., $STR + $DATA, ...) - pattern: | $DATA = request.$W.get(...) ... $INTERM = $STR + $DATA ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: $A = django.http.HttpResponseBadRequest(..., request.$W.get(...), ...) - pattern: return django.http.HttpResponseBadRequest(..., request.$W.get(...), ...) - pattern: django.http.HttpResponseBadRequest(..., $S.format(..., request.$W(...), ...), ...) - pattern: django.http.HttpResponseBadRequest(..., $S % request.$W(...), ...) - pattern: django.http.HttpResponseBadRequest(..., f"...{request.$W(...)}...", ...) - pattern: django.http.HttpResponseBadRequest(..., request.$W(...), ...) - pattern: | $DATA = request.$W(...) ... django.http.HttpResponseBadRequest(..., $DATA, ...) - pattern: | $DATA = request.$W(...) ... $INTERM = $DATA ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W(...) ... django.http.HttpResponseBadRequest(..., $STR.format(..., $DATA, ...), ...) - pattern: | $DATA = request.$W(...) ... $INTERM = $STR.format(..., $DATA, ...) ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W(...) ... django.http.HttpResponseBadRequest(..., $STR % $DATA, ...) - pattern: | $DATA = request.$W(...) ... $INTERM = $STR % $DATA ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W(...) ... django.http.HttpResponseBadRequest(..., f"...{$DATA}...", ...) - pattern: | $DATA = request.$W(...) ... $INTERM = f"...{$DATA}..." ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W(...) ... django.http.HttpResponseBadRequest(..., $STR + $DATA, ...) - pattern: | $DATA = request.$W(...) ... $INTERM = $STR + $DATA ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: $A = django.http.HttpResponseBadRequest(..., request.$W(...), ...) - pattern: return django.http.HttpResponseBadRequest(..., request.$W(...), ...) - pattern: django.http.HttpResponseBadRequest(..., $S.format(..., request.$W[...], ...), ...) - pattern: django.http.HttpResponseBadRequest(..., $S % request.$W[...], ...) - pattern: django.http.HttpResponseBadRequest(..., f"...{request.$W[...]}...", ...) - pattern: django.http.HttpResponseBadRequest(..., request.$W[...], ...) - pattern: | $DATA = request.$W[...] ... django.http.HttpResponseBadRequest(..., $DATA, ...) - pattern: | $DATA = request.$W[...] ... $INTERM = $DATA ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W[...] ... django.http.HttpResponseBadRequest(..., $STR.format(..., $DATA, ...), ...) - pattern: | $DATA = request.$W[...] ... $INTERM = $STR.format(..., $DATA, ...) ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W[...] ... django.http.HttpResponseBadRequest(..., $STR % $DATA, ...) - pattern: | $DATA = request.$W[...] ... $INTERM = $STR % $DATA ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W[...] ... django.http.HttpResponseBadRequest(..., f"...{$DATA}...", ...) - pattern: | $DATA = request.$W[...] ... $INTERM = f"...{$DATA}..." ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W[...] ... django.http.HttpResponseBadRequest(..., $STR + $DATA, ...) - pattern: | $DATA = request.$W[...] ... $INTERM = $STR + $DATA ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: $A = django.http.HttpResponseBadRequest(..., request.$W[...], ...) - pattern: return django.http.HttpResponseBadRequest(..., request.$W[...], ...) - pattern: django.http.HttpResponseBadRequest(..., $S.format(..., request.$W, ...), ...) - pattern: django.http.HttpResponseBadRequest(..., $S % request.$W, ...) - pattern: django.http.HttpResponseBadRequest(..., f"...{request.$W}...", ...) - pattern: django.http.HttpResponseBadRequest(..., request.$W, ...) - pattern: | $DATA = request.$W ... django.http.HttpResponseBadRequest(..., $DATA, ...) - pattern: | $DATA = request.$W ... $INTERM = $DATA ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W ... django.http.HttpResponseBadRequest(..., $STR.format(..., $DATA, ...), ...) - pattern: | $DATA = request.$W ... $INTERM = $STR.format(..., $DATA, ...) ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W ... django.http.HttpResponseBadRequest(..., $STR % $DATA, ...) - pattern: | $DATA = request.$W ... $INTERM = $STR % $DATA ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W ... django.http.HttpResponseBadRequest(..., f"...{$DATA}...", ...) - pattern: | $DATA = request.$W ... $INTERM = f"...{$DATA}..." ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: | $DATA = request.$W ... django.http.HttpResponseBadRequest(..., $STR + $DATA, ...) - pattern: | $DATA = request.$W ... $INTERM = $STR + $DATA ... django.http.HttpResponseBadRequest(..., $INTERM, ...) - pattern: $A = django.http.HttpResponseBadRequest(..., request.$W, ...) - pattern: return django.http.HttpResponseBadRequest(..., request.$W, ...)