Module UrlRedirectQuery

Provides a taint-tracking configuration for reasoning about unvalidated URL redirect problems.

Import path

import semmle.code.csharp.security.dataflow.UrlRedirectQuery

Imports

The default C# QL library.

Classes

AspNetCoreLocationHeaderSink	Anything that is setting “location” header in the response headers.
AspNetCoreRedirectSink	A URL argument to a call to `HttpResponse.Redirect()` or `Controller.Redirect()`, that is a sink for URL redirects.
ConcatenationSanitizer	A string concatenation expression, where the left hand side contains the character “?”.
ContainsUrlSanitizer	An URL argument to a call to `.Contains()` that is a sanitizer for URL redirects.
HostComparisonSanitizer	A comparison on the `Host` property of a url, that is a sanitizer for URL redirects.
HttpServerTransferSink	A path argument to a call to `HttpServerUtility.Transfer`.
LocalUrlSanitizer	A URL argument to a call to `UrlHelper.IsLocalUrl()` or `HttpRequestBase.IsUrlLocalToHost()` that is a sanitizer for URL redirects.
LocationHeaderSink	A value argument to a call to `AddHeader` or `AppendHeader` that adds the `Location`.
RawUrlSanitizer	A call to the getter of the RawUrl property, whose value is considered to be safe for URL redirects.
RedirectSink	A URL argument to a call to `HttpResponse.Redirect()` or `Controller.Redirect()`, that is a sink for URL redirects.
RelativeUrlSanitizer	A check that the URL is relative, and therefore safe for URL redirects.
RemoteSource	DEPRECATED: Use `ThreatModelSource` instead.
Sanitizer	A sanitizer for unvalidated URL redirect vulnerabilities.
Sink	A data flow sink for unvalidated URL redirect vulnerabilities.
Source	A data flow source for unvalidated URL redirect vulnerabilities.
TaintTrackingConfiguration	DEPRECATED: Use `UrlRedirect` instead.
ThreatModelSource	A source supported by the current threat model.
UrlEncodeSanitizer	A call to an URL encoder.

Aliases

UrlRedirect

A taint-tracking module for reasoning about unvalidated URL redirect vulnerabilities.