CodeQL library for Go
codeql/go-all 2.1.3 (changelog, source)

Module RequestForgery

Provides classes and predicates for the request forgery query.

Import path

import semmle.go.security.RequestForgeryCustomizations

Classes

RedirectCheckBarrierGuardAsBarrierGuard

A call to a function called isLocalUrl, isValidRedirect, or similar, which is considered a barrier guard.

RegexpCheckAsBarrierGuard

A call to a regexp match function, considered as a barrier guard for sanitizing untrusted URLs.

Sanitizer

A sanitizer for request forgery vulnerabilities.

SanitizerEdge

An outgoing sanitizer edge for request forgery vulnerabilities.

Sink

A data flow sink for request forgery vulnerabilities.

Source

A data flow source for request forgery vulnerabilities.

UntrustedFlowAsSource

DEPRECATED: Use ActiveThreatModelSource or Source instead.

UrlCheckAsBarrierGuard

An equality check comparing a data-flow node against a constant string, considered as a barrier guard for sanitizing untrusted URLs.

WebSocketCallAsSink

The URL of a WebSocket request, viewed as a sink for request forgery.