CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.0.2-dev (changelog, source)
Search

Module ClientSideUrlRedirect

Import path

import semmle.javascript.security.dataflow.ClientSideUrlRedirectCustomizations

Predicates

untrustedUrlSubstring

Holds if substring refers to a substring of base which is considered untrusted when base is the current URL.

Classes

AttributeUrlSink

A write to a href or similar attribute viewed as a ScriptUrlSink.

AttributeWriteUrlSink

A write of an attribute which may execute JavaScript code or exfiltrate data to an attacker controlled site.

DocumentUrl

A flow label for values that represent the URL of the current document, and hence are only partially user-controlled.

ElectronShellOpenExternalSink

The first argument to a call to openExternal seen as a sink for unvalidated URL redirection. Improper use of openExternal can be leveraged to compromise the user’s host. When openExternal is used with untrusted content, it can be leveraged to execute arbitrary commands.

HistoryWriteUrlSink

A write to the location using the history library

ImportScriptsSink

An argument to importScripts(..) - which is used inside WebWorkers to import new scripts - viewed as a ScriptUrlSink.

LocationSink

A sink which is used to set the window location.

NextRoutePushUrlSink

A call to change the current url with a Next.js router.

ReactAttributeWriteUrlSink

A write to an React attribute which may execute JavaScript code.

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for unvalidated URL redirects.

Sanitizer

A sanitizer for unvalidated URL redirect vulnerabilities.

ScriptUrlSink

An expression that may be interpreted as the URL of a script.

Sink

A data flow sink for unvalidated URL redirect vulnerabilities.

Source

A data flow source for unvalidated URL redirect vulnerabilities.

WebWorkerScriptUrlSink

An argument expression to new Worker(...), viewed as a ScriptUrlSink.