DOM XSS in react and stored xss in PHP was not detected by sonarqube

  • Sonarqube developer edition v9.9.1
  • We have deployed this in K8s using helm
  • We are using sonarqube for code quality and security scanning tool in our org.
  • Recently we have done internal penetration testing on our app, we found 1 DOM xss in react based app and another stored XSS in PHP.

I am wondering, why this was not captured by sonarqube during code analysis. Could you please clarify this?

DOM XSS affected code:

const paramMatch = path.match(/^\/RP.*?(?:\?|&)ref=([^&]*?)(?:&|$)/);
if (paramMatch) {
let host = PENSION_PRODUCTS_LINKS.general;
const hostMatch = path.match(/^\/RP.*?(?:\?|&)host=([^&]*?)(?:&|$)/);

if (hostMatch) {
switch (hostMatch[1]) {
case investParameter:
host = investHost;
case wsParameter:
host = '';
host = `https://${decodeURIComponent(hostMatch[1])}.${pensionHost}`;
const test = host + decodeURIComponent(paramMatch[1]);

this “test” variable later ends up in window.location.replace() function.

Please let me know, if you need more info.


1 Like

Hello Krish,

Could you also please post the part where path is defined? And it would be good to have the part between const test and the window.location.replace. Thanks!