Module RequestForgery

Provides classes and predicates for the request forgery query.

Import path

import semmle.go.security.RequestForgeryCustomizations

RedirectCheckBarrierGuardAsBarrierGuard	A call to a function called `isLocalUrl`, `isValidRedirect`, or similar, which is considered a barrier guard.
RegexpCheckAsBarrierGuard	A call to a regexp match function, considered as a barrier guard for sanitizing untrusted URLs.
Sanitizer	A sanitizer for request forgery vulnerabilities.
SanitizerEdge	An outgoing sanitizer edge for request forgery vulnerabilities.
Sink	A data flow sink for request forgery vulnerabilities.
Source	A data flow source for request forgery vulnerabilities.
UntrustedFlowAsSource	DEPRECATED: Use `ActiveThreatModelSource` or `Source` instead.
UrlCheckAsBarrierGuard	An equality check comparing a data-flow node against a constant string, considered as a barrier guard for sanitizing untrusted URLs.
WebSocketCallAsSink	The URL of a WebSocket request, viewed as a sink for request forgery.