Class ConcatenationSanitizer
A string concatenation expression where the left-hand side contains the character “?”.
This is treated as sanitizing the overall expression, because the attacker can then control only the query string parameters, not the location itself. In the majority of cases, this only allows the attacker to redirect the user to a link they could already have redirected them to.
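An added C# illustration (not taken from the CodeQL library or its documentation) of which redirect expressions fit the description above and which do not. The ASP.NET Core controller, action and parameter names are assumptions made for the example.

```csharp
using Microsoft.AspNetCore.Mvc;

// Constructed example: class, action and parameter names are hypothetical.
public class RedirectExamplesController : Controller
{
    // No concatenation at all: the entire location comes from the request,
    // so nothing here fits the sanitizer's description.
    public IActionResult Unvalidated(string target)
    {
        return Redirect(target);
    }

    // Fits the description: the left-hand side is a string containing "?",
    // so the request value can only end up in the query string of /search.
    // It can still append further parameters or a fragment, which is the
    // residual case behind "in the majority of cases".
    public IActionResult QueryOnly(string term)
    {
        return Redirect("/search?q=" + term);
    }

    // Does not fit: the left-hand side has no "?", so the request value
    // still forms part of the location itself.
    public IActionResult PathPrefix(string page)
    {
        return Redirect("/" + page);
    }

    // A check that does not depend on the concatenation shape: only follow
    // targets that ASP.NET Core considers local to this application.
    public IActionResult LocalOnly(string target)
    {
        if (Url.IsLocalUrl(target))
        {
            return Redirect(target);
        }
        return Redirect("/");
    }
}
```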
Import path
import semmle.code.csharp.security.dataflow.UrlRedirectQuery
Direct supertypes
Inherited predicates
| Predicate | Description | Source |
| --- | --- | --- |
| asDefinition | Gets the definition corresponding to this node, if any. | from Node |
| asDefinitionAtNode | Gets the definition corresponding to this node, at control flow node | from Node |
| asExpr | Gets the expression corresponding to this node, if any. | from Node |
| asExprAtNode | Gets the expression corresponding to this node, at control flow node | from Node |
| asParameter | Gets the parameter corresponding to this node, if any. | from Node |
| getControlFlowNode | Gets the control flow node corresponding to this node, if any. | from Node |
| getEnclosingCallable | Gets the enclosing callable of this node. | from Node |
| getExpr | Gets the expression corresponding to this node. | from ExprNode |
| getExprAtNode | Gets the expression corresponding to this node, at control flow node | from ExprNode |
| getLocation | Gets the location of this node. | from Node |
| getType | Gets the type of this node. | from Node |
| hasLocationInfo | Holds if this element is at the specified location. The location spans column | from Node |
| toString | Gets a textual representation of this node. | from Node |