- SonarQube Developer Edition v9.9.1
- We have deployed this in K8s using Helm
- We are using SonarQube as a code quality and security scanning tool in our org.
- Recently we did internal penetration testing on our app; we found one DOM XSS in a React-based app and another stored XSS in PHP.
I am wondering why this was not captured by SonarQube during code analysis. Could you please clarify this?
DOM XSS affected code (fragment; `path`, `PENSION_PRODUCTS_LINKS`, `investParameter`, `investHost`, `wsParameter` and `pensionHost` are defined elsewhere in the app):

```javascript
// Both `ref` and `host` are taken from the URL path, i.e. attacker-controlled input.
const paramMatch = path.match(/^\/RP.*?(?:\?|&)ref=([^&]*?)(?:&|$)/);
if (paramMatch) {
  let host = PENSION_PRODUCTS_LINKS.general;
  const hostMatch = path.match(/^\/RP.*?(?:\?|&)host=([^&]*?)(?:&|$)/);
  if (hostMatch) {
    switch (hostMatch[1]) {
      case investParameter:
        host = investHost;
        break;
      case wsParameter:
        host = ''; // empty host: `test` below becomes exactly the decoded ref value
        break;
      default:
        host = `https://${decodeURIComponent(hostMatch[1])}.${pensionHost}`;
    }
  }
  // Concatenated without validation; `test` is later passed to window.location.replace()
  const test = host + decodeURIComponent(paramMatch[1]);
  // ...
}
```

This `test` variable later ends up in the window.location.replace() function.
Please let me know, if you need more info.
Thanks,
Krishna
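A hardened version of the redirect builder, as an added example that is neither the poster's code nor SonarQube output: it keeps the original parsing but validates the final target with the URL parser and a host allowlist before it could reach `window.location.replace()`. The host constants and `APP_ORIGIN` are assumptions standing in for the app's own values.

```javascript
// Assumed stand-ins for PENSION_PRODUCTS_LINKS.general, investHost, pensionHost, etc.
const PENSION_HOST = "pension.example";
const GENERAL_HOST = "https://general.pension.example";
const INVEST_HOST = "https://invest.pension.example";
const INVEST_PARAM = "invest";
const WS_PARAM = "ws";
const APP_ORIGIN = "https://app.pension.example"; // assumed origin of the SPA

// Same regexes as the original snippet; both values are untrusted input.
function parseRedirectParams(path) {
  const ref = path.match(/^\/RP.*?(?:\?|&)ref=([^&]*?)(?:&|$)/);
  const host = path.match(/^\/RP.*?(?:\?|&)host=([^&]*?)(?:&|$)/);
  return ref ? { ref: ref[1], host: host ? host[1] : null } : null;
}

// Mirrors the original switch, including the empty host for the "ws" case.
function chooseHost(hostParam) {
  if (hostParam === null) return GENERAL_HOST;
  if (hostParam === INVEST_PARAM) return INVEST_HOST;
  if (hostParam === WS_PARAM) return "";
  return `https://${decodeURIComponent(hostParam)}.${PENSION_HOST}`;
}

// Returns an absolute https URL on an allowlisted host, or null if the
// target must be refused. Only the returned value should reach the sink.
function safeRedirectTarget(path) {
  const params = parseRedirectParams(path);
  if (!params) return null;
  let url;
  try {
    const candidate = chooseHost(params.host) + decodeURIComponent(params.ref);
    // Resolving against the app origin makes "ref=/x" relative to our site,
    // while a scheme smuggled in ref (javascript:, data:) stays visible below.
    url = new URL(candidate, APP_ORIGIN);
  } catch {
    return null; // malformed percent-encoding or unparsable URL
  }
  if (url.protocol !== "https:") return null;
  const h = url.hostname;
  if (h !== PENSION_HOST && !h.endsWith("." + PENSION_HOST)) return null;
  return url.href;
}
```

The check is done on the parsed result, not on the raw parameters, so tricks that survive string concatenation (a `host` value containing `/` or `#`, a protocol-relative `//` ref) are caught by the same allowlist.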