Predicate hasHostnameSanitizingSubstring
Holds if the string value of nd
prevents anything appended after it
from affecting the hostname of a URL.
Specifically, this holds if the string contains any of the following:
?
(any suffix becomes part of query)#
(any suffix becomes part of fragment)/
or\
, immediately prefixed by a character other than:
,/
, or\
(any suffix becomes part of the path)- a leading
/
or\
followed by a character other than/
or\
(any suffix becomes part of the path)
In the latter two cases, the additional check is necessary to avoid a /
that could be interpreted as
the //
separating the (optional) scheme from the hostname.
Import path
import semmle.go.security.UrlConcatenation
predicate hasHostnameSanitizingSubstring(Node nd)