Module RequestForgery
Provides classes and predicates for the request forgery query.
Import path
import semmle.go.security.RequestForgeryCustomizations
Classes
RedirectCheckBarrierGuardAsBarrierGuard | A call to a function called |
RegexpCheckAsBarrierGuard | A call to a regexp match function, considered as a barrier guard for sanitizing untrusted URLs. |
Sanitizer | A sanitizer for request forgery vulnerabilities. |
SanitizerEdge | An outgoing sanitizer edge for request forgery vulnerabilities. |
Sink | A data flow sink for request forgery vulnerabilities. |
Source | A data flow source for request forgery vulnerabilities. |
UntrustedFlowAsSource | DEPRECATED: Use |
UrlCheckAsBarrierGuard | An equality check comparing a data-flow node against a constant string, considered as a barrier guard for sanitizing untrusted URLs. |
WebSocketCallAsSink | The URL of a WebSocket request, viewed as a sink for request forgery. |