Module ClientSideUrlRedirect
Import path
import semmle.javascript.security.dataflow.ClientSideUrlRedirectCustomizations
Predicates
untrustedUrlSubstring | Holds if |
Classes
AttributeUrlSink | A write to a |
AttributeWriteUrlSink | A write of an attribute which may execute JavaScript code or exfiltrate data to an attacker controlled site. |
DocumentUrl | A flow label for values that represent the URL of the current document, and hence are only partially user-controlled. |
ElectronShellOpenExternalSink | The first argument to a call to |
HistoryWriteUrlSink | A write to the location using the history library |
ImportScriptsSink | An argument to |
LocationSink | A sink which is used to set the window location. |
NextRoutePushUrlSink | A call to change the current url with a Next.js router. |
ReactAttributeWriteUrlSink | A write to an React attribute which may execute JavaScript code. |
RemoteFlowSourceAsSource | A source of remote user input, considered as a flow source for unvalidated URL redirects. |
Sanitizer | A sanitizer for unvalidated URL redirect vulnerabilities. |
ScriptUrlSink | An expression that may be interpreted as the URL of a script. |
Sink | A data flow sink for unvalidated URL redirect vulnerabilities. |
Source | A data flow source for unvalidated URL redirect vulnerabilities. |
WebWorkerScriptUrlSink | An argument expression to |