Ruby Reflected Xss User Input

Description

Detects reflected Cross-Site Scripting (XSS) vulnerabilities in Ruby Sinatra web applications. The vulnerability occurs when user-controlled input (for example a query-string parameter) is interpolated into an HTML response without escaping, so an attacker who gets a victim to open a crafted URL can inject markup or JavaScript that runs in the victim's browser in the context of the application's origin.

Weakness:

008 - Reflected cross-site scripting (XSS)

Category: Unexpected Injection

Detection Strategy

    Checks if the Sinatra web framework is imported in the Ruby application code

    Analyzes execution blocks in route handlers (like get '/path' do ... end)

    Identifies when user input (e.g. params, request data) is used directly in response rendering

    Reports vulnerabilities when user-controlled data flows to HTTP responses without sanitization or escaping
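The four steps above describe a source-to-sink taint check. The script below is an added illustration of that strategy, not the scanner's real analysis engine: it is a deliberately simple line-by-line heuristic written for this page, it models only `params`/`request` reads as sources, local-variable assignments as propagation, string interpolation or a bare returned variable as the sink, and a small set of known escaper calls (Rack::Utils.escape_html plus the stdlib equivalents) as sanitizers. The inputs it runs over are constructed here (the page's own two examples plus two extra cases) and it uses only the Ruby standard library.

```ruby
require 'set'

# Heuristic model of the rule's four detection steps (added example, not the
# scanner's engine). It works on Ruby source text with regular expressions and
# does not parse Ruby properly, so treat it as an illustration of the idea.

ROUTE_RE   = /\A(\s*)(get|post|put|patch|delete)\s+['"][^'"]*['"]\s+do\b/
ASSIGN_RE  = /\A\s*(\w+)\s*=(?!=)\s*(.+)\z/
PARAM_SRC  = /\bparams\b|\brequest\.(?:params|body|query_string|env)\b/
# Escapers the heuristic trusts: Rack's helper and its stdlib equivalents.
ESCAPER_RE = /\b(?:Rack::Utils\.escape_html|ERB::Util\.html_escape|CGI\.escapeHTML|h)\(/

Finding = Struct.new(:line, :expression)

# Does the expression read a request source or a variable already tainted?
def tainted_expr?(expr, tainted)
  return true if expr =~ PARAM_SRC
  tainted.any? { |v| expr =~ /\b#{Regexp.escape(v)}\b/ }
end

def find_reflected_xss(source)
  lines = source.lines.map(&:chomp)
  # Step 1: only Sinatra applications are in scope for this rule.
  return [] unless lines.any? { |l| l =~ /\A\s*require\s+['"]sinatra['"]/ }

  findings = []
  route_indent = nil   # non-nil while inside a route handler block (step 2)
  tainted = Set.new

  lines.each_with_index do |line, idx|
    lineno = idx + 1

    if route_indent.nil?
      if (m = line.match(ROUTE_RE))
        route_indent = m[1].size
        tainted = Set.new
      end
      next
    end

    # The handler ends at an `end` aligned with its opening line.
    if line =~ /\A\s*end\s*\z/ && line.index('end') == route_indent
      route_indent = nil
      next
    end

    # Step 3: track which local variables carry user input.
    if (m = line.match(ASSIGN_RE))
      var, rhs = m[1], m[2]
      if rhs =~ ESCAPER_RE
        tainted.delete(var)            # escaped before assignment: clean
      elsif tainted_expr?(rhs, tainted)
        tainted << var                 # user input flows into this variable
      else
        tainted.delete(var)            # reassigned from something clean
      end
      next
    end

    # Step 4: report a response that interpolates tainted data unescaped...
    line.scan(/#\{([^}]*)\}/) do |(expr)|
      next if expr =~ ESCAPER_RE
      findings << Finding.new(lineno, expr) if tainted_expr?(expr, tainted)
    end
    # ...or whose last expression is a tainted variable returned as-is.
    if (m = line.match(/\A\s*(\w+)\s*\z/)) && tainted.include?(m[1])
      findings << Finding.new(lineno, m[1])
    end
  end
  findings
end

# Constructed inputs: the page's two examples plus two extra cases.
VULNERABLE = <<~'RUBY'
  require 'sinatra'

  get '/search' do
    query = params['q']  # Source: Untrusted user input from URL parameter
    "<h1>Results for: #{query}</h1>"  # Sink: Direct interpolation enables XSS
  end
RUBY

SECURE = <<~'RUBY'
  require 'sinatra'
  require 'rack/utils'

  get '/search' do
    query = params['q']
    safe_query = Rack::Utils.escape_html(query)
    "<h1>Results for: #{safe_query}</h1>"
  end
RUBY

# Taint carried through an intermediate variable and returned bare.
INLINE = <<~'RUBY'
  require 'sinatra'

  post '/hello' do
    name = params['name']
    greeting = "<p>Hello #{name}</p>"
    greeting
  end
RUBY

# Same bug in a plain Rack app: out of scope for this Sinatra-specific rule.
NON_SINATRA = <<~'RUBY'
  require 'rack'

  app = proc { |env| [200, {}, ["<p>#{Rack::Request.new(env).params['q']}</p>"]] }
RUBY

if $PROGRAM_NAME == __FILE__
  { 'vulnerable' => VULNERABLE, 'secure' => SECURE,
    'inline' => INLINE, 'rack-only' => NON_SINATRA }.each do |label, src|
    hits = find_reflected_xss(src).map { |f| "line #{f.line} (#{f.expression})" }
    puts "#{label}: #{hits.empty? ? 'no finding' : hits.join(', ')}"
  end
end
```

The heuristic trusts any recognised escaper call appearing on an assignment line and only follows simple local variables, so it misses data passed through helpers, hashes, or templates and would wrongly clear `x = escape_html(a) + params['b']`; a real engine resolves these flows on the parsed AST rather than on text.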

Vulnerable code example

require 'sinatra'

get '/search' do
  query = params['q']  # Source: Untrusted user input from URL parameter
  "<h1>Results for: #{query}</h1>"  # Sink: Direct interpolation enables XSS
end

✅ Secure code example

require 'sinatra'
require 'rack/utils'

get '/search' do
  query = params['q']
  # Escape the user input for the HTML context before interpolating it into the response.
  # Note: escape_html only covers HTML text and attribute values; data placed inside a
  # <script> block or a URL needs the encoder for that context instead.
  safe_query = Rack::Utils.escape_html(query)
  "<h1>Results for: #{safe_query}</h1>"
end