CodeQL library for C#
codeql/csharp-all 0.5.1 (changelog, source)
Search

Module UrlRedirectQuery

Provides a taint-tracking configuration for reasoning about unvalidated URL redirect problems.

Import path

import semmle.code.csharp.security.dataflow.UrlRedirectQuery

Imports

csharp

The default C# QL library.

Classes

AspNetCoreLocationHeaderSink

Anything that is setting “location” header in the response headers.

AspNetCoreRedirectSink

A URL argument to a call to HttpResponse.Redirect() or Controller.Redirect(), that is a sink for URL redirects.

ConcatenationSanitizer

A string concatenation expression, where the left hand side contains the character “?”.

HttpServerTransferSink

A path argument to a call to HttpServerUtility.Transfer.

LocalUrlSanitizer

A URL argument to a call to UrlHelper.isLocalUrl() that is a sanitizer for URL redirects.

LocationHeaderSink

A value argument to a call to AddHeader or AppendHeader that adds the Location.

RawUrlSanitizer

A call to the getter of the RawUrl property, whose value is considered to be safe for URL redirects.

RedirectSink

A URL argument to a call to HttpResponse.Redirect() or Controller.Redirect(), that is a sink for URL redirects.

RemoteSource

A source of remote user input.

Sanitizer

A sanitizer for unvalidated URL redirect vulnerabilities.

SanitizerGuard

DEPRECATED: Use Sanitizer instead.

Sink

A data flow sink for unvalidated URL redirect vulnerabilities.

Source

A data flow source for unvalidated URL redirect vulnerabilities.

TaintTrackingConfiguration

A taint-tracking configuration for reasoning about unvalidated URL redirect vulnerabilities.

UrlEncodeSanitizer

A call to an URL encoder.