CodeQL library for C#
codeql/csharp-all 0.8.10-dev (changelog, source)
Search

Module UrlRedirectQuery

Provides a taint-tracking configuration for reasoning about unvalidated URL redirect problems.

Import path

import semmle.code.csharp.security.dataflow.UrlRedirectQuery

Imports

csharp

The default C# QL library.

Classes

AspNetCoreLocationHeaderSink

Anything that is setting “location” header in the response headers.

AspNetCoreRedirectSink

A URL argument to a call to HttpResponse.Redirect() or Controller.Redirect(), that is a sink for URL redirects.

ConcatenationSanitizer

A string concatenation expression, where the left hand side contains the character “?”.

ContainsUrlSanitizer

An URL argument to a call to .Contains() that is a sanitizer for URL redirects.

HostComparisonSanitizer

A comparison on the Host property of a url, that is a sanitizer for URL redirects.

HttpServerTransferSink

A path argument to a call to HttpServerUtility.Transfer.

LocalUrlSanitizer

A URL argument to a call to UrlHelper.IsLocalUrl() or HttpRequestBase.IsUrlLocalToHost() that is a sanitizer for URL redirects.

LocationHeaderSink

A value argument to a call to AddHeader or AppendHeader that adds the Location.

RawUrlSanitizer

A call to the getter of the RawUrl property, whose value is considered to be safe for URL redirects.

RedirectSink

A URL argument to a call to HttpResponse.Redirect() or Controller.Redirect(), that is a sink for URL redirects.

RelativeUrlSanitizer

A check that the URL is relative, and therefore safe for URL redirects.

RemoteSource

A source of remote user input.

Sanitizer

A sanitizer for unvalidated URL redirect vulnerabilities.

Sink

A data flow sink for unvalidated URL redirect vulnerabilities.

Source

A data flow source for unvalidated URL redirect vulnerabilities.

TaintTrackingConfiguration

DEPRECATED: Use UrlRedirect instead.

UrlEncodeSanitizer

A call to an URL encoder.

Aliases

UrlRedirect

A taint-tracking module for reasoning about unvalidated URL redirect vulnerabilities.