CodeQL library for C#
codeql/csharp-all 3.1.1 (changelog, source)
Search

Class ConcatenationSanitizer

A string concatenation expression, where the left hand side contains the character “?”.

This is considered as sanitizing the overall expression, because the attacker can then only control the query string parameters, rather than the location itself. In the majority of cases, this will only allow the attacker to redirect the user to a link they could have already redirected them to.

Import path

import semmle.code.csharp.security.dataflow.UrlRedirectQuery

Direct supertypes

Indirect supertypes

Inherited predicates

asDefinition

Gets the definition corresponding to this node, if any.

from Node
asDefinitionAtNode

Gets the definition corresponding to this node, at control flow node cfn, if any.

from Node
asExpr

Gets the expression corresponding to this node, if any.

from Node
asExprAtNode

Gets the expression corresponding to this node, at control flow node cfn, if any.

from Node
asParameter

Gets the parameter corresponding to this node, if any.

from Node
getControlFlowNode

Gets the control flow node corresponding to this node, if any.

from Node
getEnclosingCallable

Gets the enclosing callable of this node.

from Node
getExpr

Gets the expression corresponding to this node.

from ExprNode
getExprAtNode

Gets the expression corresponding to this node, at control flow node cfn, if any.

from ExprNode
getLocation

Gets the location of this node.

from Node
getType

Gets the type of this node.

from Node
hasLocationInfo

Holds if this element is at the specified location. The location spans column startcolumn of line startline to column endcolumn of line endline in file filepath. For more information, see Locations.

from Node
toString

Gets a textual representation of this node.

from Node

Charpred