CodeQL library for Go
codeql/go-all 2.1.4-dev (changelog, source)
Search

Module ReflectedXss

Provides extension points for customizing the taint-tracking configuration for reasoning about reflected cross-site scripting vulnerabilities.

Import path

import semmle.go.security.ReflectedXssCustomizations

Classes

CookieSanitizer

A request.Cookie method returns the request cookie, which is not user controlled in reflected XSS context.

Sanitizer

A sanitizer for reflected XSS vulnerabilities.

Sink

A data flow sink for reflected XSS vulnerabilities.

Source

A data flow source for reflected XSS vulnerabilities.

UntrustedFlowAsSource

DEPRECATED: Use ActiveThreatModelSource or Source instead.