Add HtmlEscaping sanitizer

jorgectf · jorgectf · commit c155ac6e7ada · 2022-03-10T00:47:04.000+01:00
diff --git a/python/ql/src/experimental/semmle/python/security/dataflow/ReflectedXSS.qll b/python/ql/src/experimental/semmle/python/security/dataflow/ReflectedXSS.qll
@@ -9,6 +9,7 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.RemoteFlowSources
 import semmle.python.dataflow.new.BarrierGuards
 import experimental.semmle.python.Concepts
+import semmle.python.Concepts
 import semmle.python.ApiGraphs
 
 /**
@@ -26,6 +27,10 @@ class ReflectedXssConfiguration extends TaintTracking::Configuration {
     guard instanceof StringConstCompare
   }
 
+  override predicate isSanitizer(DataFlow::Node sanitizer) {
+    sanitizer = any(HtmlEscaping esc).getOutput()
+  }
+
   override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
     exists(DataFlow::CallCfgNode htmlContentCall |
       htmlContentCall =
