Draft: Embed Semgrep Community Rule Tainted HTML
What does this MR do?
This change introduces a new rule to detect potential cross-site scripting (XSS) vulnerabilities in Java code. The rule checks for instances where user input is directly concatenated into HTML strings, which could allow attackers to inject malicious code into web pages. The rule provides guidance on how to safely render HTML to prevent XSS vulnerabilities. Additionally, it provides examples of both unsafe and safe code.
- Formatted Rule
- Added Metadata
- Created Valid Tests: Added Test Class for java_inject_rule-TaintedHTML (!50)
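As an added illustration of the pattern the MR describes (this is not the rule itself, nor the test class or any code from this repository), the snippet below shows untrusted input concatenated straight into markup beside a safe rendering of the same data. The class name, the `renderGreeting*` methods and the small `escapeHtml` helper are assumptions made so the example compiles on its own; `Encode.forHtml` is mentioned as the OWASP Java Encoder API a real application would use instead of a hand-written escaper.

```java
// Added illustration (not the MR's own rule or test fixtures): the pattern the
// rule is described as flagging, beside a safe rendering of the same data.
public class TaintedHtmlExample {

    // UNSAFE: untrusted input is concatenated straight into markup.
    // A value such as "<script>alert(1)</script>" is emitted as live HTML.
    static String renderGreetingUnsafe(String userName) {
        return "<p>Hello, " + userName + "</p>";
    }

    // SAFE: same output shape, but the untrusted value is HTML-escaped first,
    // so the browser renders it as text instead of parsing it as markup.
    static String renderGreetingSafe(String userName) {
        return "<p>Hello, " + escapeHtml(userName) + "</p>";
    }

    // Minimal escaper for HTML text content, written here only so the example
    // has no dependencies. Production code should use a maintained encoder such
    // as OWASP Java Encoder's Encode.forHtml, which also handles attribute and
    // JavaScript contexts that this helper does not cover.
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample value standing in for a request parameter.
        String tainted = "<script>alert(1)</script>";
        System.out.println("unsafe: " + renderGreetingUnsafe(tainted));
        System.out.println("safe:   " + renderGreetingSafe(tainted));
    }
}
```

The unsafe method is the shape a taint rule like the one in this MR is meant to flag: a source (request-derived `userName`) flowing into a sink (an HTML string) with no sanitizer on the path. Routing the value through an escaping call is what breaks that flow, which is why the safe variant is the one the rule's guidance should point reviewers toward.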