mcp-server-semgrep

rules: - id: react-unsanitized-method message: >- Detection of $HTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use $HTML, consider using a sanitization library such as DOMPurify to sanitize your HTML. metadata: cwe: - "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" owasp: - A07:2017 - Cross-Site Scripting (XSS) - A03:2021 - Injection references: - https://developer.mozilla.org/en-US/docs/Web/API/Document/writeln - https://developer.mozilla.org/en-US/docs/Web/API/Document/write - https://developer.mozilla.org/en-US/docs/Web/API/Element/insertAdjacentHTML category: security confidence: MEDIUM technology: - react cwe2022-top25: true cwe2021-top25: true subcategory: - vuln likelihood: HIGH impact: MEDIUM languages: - typescript - javascript severity: WARNING mode: taint pattern-sources: - patterns: - pattern-either: - pattern-inside: | function ...({..., $X, ...}) { ... } - pattern-inside: | function ...(..., $X, ...) { ... } - focus-metavariable: $X - pattern-either: - pattern: $X.$Y - pattern: $X[...] pattern-sinks: - patterns: - pattern-either: - pattern: | this.window.document. ... .$HTML('...',$SINK) - pattern: | window.document. ... .$HTML('...',$SINK) - pattern: | document.$HTML($SINK) - metavariable-regex: metavariable: $HTML regex: (writeln|write) - focus-metavariable: $SINK - patterns: - pattern-either: - pattern: | $PROP. ... .$HTML('...',$SINK) - metavariable-regex: metavariable: $HTML regex: (insertAdjacentHTML) - focus-metavariable: $SINK pattern-sanitizers: - patterns: - pattern-either: - pattern-inside: | import $S from "underscore.string" ... - pattern-inside: | import * as $S from "underscore.string" ... - pattern-inside: | import $S from "underscore.string" ... - pattern-inside: | $S = require("underscore.string") ... - pattern-either: - pattern: $S.escapeHTML(...) - patterns: - pattern-either: - pattern-inside: | import $S from "dompurify" ... - pattern-inside: | import { ..., $S,... } from "dompurify" ... - pattern-inside: | import * as $S from "dompurify" ... - pattern-inside: | $S = require("dompurify") ... - pattern-inside: | import $S from "isomorphic-dompurify" ... - pattern-inside: | import * as $S from "isomorphic-dompurify" ... - pattern-inside: | $S = require("isomorphic-dompurify") ... - pattern-either: - patterns: - pattern-inside: | $VALUE = $S(...) ... - pattern: $VALUE.sanitize(...) - patterns: - pattern-inside: | $VALUE = $S.sanitize ... - pattern: $S(...) - pattern: $S.sanitize(...) - pattern: $S(...) - patterns: - pattern-either: - pattern-inside: | import $S from 'xss'; ... - pattern-inside: | import * as $S from 'xss'; ... - pattern-inside: | $S = require("xss") ... - pattern: $S(...) - patterns: - pattern-either: - pattern-inside: | import $S from 'sanitize-html'; ... - pattern-inside: | import * as $S from "sanitize-html"; ... - pattern-inside: | $S = require("sanitize-html") ... - pattern: $S(...) - patterns: - pattern-either: - pattern-inside: | $S = new Remarkable() ... - pattern: $S.render(...)