For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

UrlRedirectQuery

Module UrlRedirectQuery

Provides a taint-tracking configuration for reasoning about unvalidated URL redirect problems.


                                import semmle.code.csharp.security.dataflow.UrlRedirectQuery

The default C# QL library.

AspNetCoreLocationHeaderSink	Anything that is setting “location” header in the response headers.
AspNetCoreRedirectSink	A URL argument to a call to `HttpResponse.Redirect()` or `Controller.Redirect()`, that is a sink for URL redirects.
ConcatenationSanitizer	A string concatenation expression, where the left hand side contains the character “?”.
HttpServerTransferSink	A path argument to a call to `HttpServerUtility.Transfer`.
LocalUrlSanitizer	A URL argument to a call to `UrlHelper.isLocalUrl()` that is a sanitizer for URL redirects.
LocationHeaderSink	A value argument to a call to `AddHeader` or `AppendHeader` that adds the `Location`.
RawUrlSanitizer	A call to the getter of the RawUrl property, whose value is considered to be safe for URL redirects.
RedirectSink	A URL argument to a call to `HttpResponse.Redirect()` or `Controller.Redirect()`, that is a sink for URL redirects.
RemoteSource	A source of remote user input.
Sanitizer	A sanitizer for unvalidated URL redirect vulnerabilities.
SanitizerGuard	DEPRECATED: Use `Sanitizer` instead.
Sink	A data flow sink for unvalidated URL redirect vulnerabilities.
Source	A data flow source for unvalidated URL redirect vulnerabilities.
TaintTrackingConfiguration	DEPRECATED: Use `UrlRedirect` instead.
UrlEncodeSanitizer	A call to an URL encoder.

A taint-tracking module for reasoning about unvalidated URL redirect vulnerabilities.