CodeQL library for Go
codeql/go-all 0.7.14 (changelog, source)

Module UrlConcatenation

Provides a class for detecting string concatenations involving the characters ? and #, which are considered sanitizers for the URL redirection queries.

Import path

import semmle.go.security.UrlConcatenation

Imports

go

Provides classes for working with Go programs.

Predicates

hasHostnameSanitizingSubstring

Holds if the string value of nd prevents anything appended after it from affecting the hostname of a URL.

hostnameSanitizingPrefixEdge

Holds if data that flows from source to sink cannot affect the hostname or scheme of the resulting string when interpreted as a URL.

sanitizingPrefixEdge

Holds if data that flows from source to sink cannot affect the path or earlier part of the resulting string when interpreted as a URL.
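
The following Go program is an added illustration, not code from the CodeQL library or its documentation. It shows at run time the property these predicates describe statically: data appended after a `?` or `#` cannot change the hostname or path, while data appended directly after the hostname can. The helper names hostPinned and pathPinned and the sample URLs are constructed for this example.

```go
package main

import (
	"fmt"
	"net/url"
)

// hostPinned (hypothetical helper) reports whether appending data to prefix
// leaves the scheme and hostname of the parsed URL unchanged.
func hostPinned(prefix, data string) bool {
	a, errA := url.Parse(prefix)
	b, errB := url.Parse(prefix + data)
	return errA == nil && errB == nil && a.Scheme == b.Scheme && a.Host == b.Host
}

// pathPinned (hypothetical helper) reports whether appending data to prefix
// leaves the path, and everything before it, unchanged.
func pathPinned(prefix, data string) bool {
	a, errA := url.Parse(prefix)
	b, errB := url.Parse(prefix + data)
	return errA == nil && errB == nil && hostPinned(prefix, data) && a.Path == b.Path
}

func main() {
	// Constructed sample prefixes and appended data (reserved example domains).
	cases := [][2]string{
		{"https://example.com/?next=", "//other.example/x"}, // lands in the query
		{"https://example.com/#", "//other.example/x"},      // lands in the fragment
		{"https://example.com/app/", "../admin"},            // host fixed, path changes
		{"https://example.com", ".other.example/x"},         // extends the hostname
	}
	for _, c := range cases {
		fmt.Printf("%-30q + %-22q host pinned=%-5v path pinned=%v\n",
			c[0], c[1], hostPinned(c[0], c[1]), pathPinned(c[0], c[1]))
	}
}
```

Only the first two prefixes, which end after a `?` or `#`, pin both the hostname and the path; the third pins the hostname only, and the last pins neither.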