CodeQL library for JavaScript
Module ClientSideUrlRedirect

Import path

import semmle.javascript.security.dataflow.ClientSideUrlRedirectCustomizations

Predicates

queryAccess

Holds if queryAccess is an expression that may access the query string (that is, the part after the ?) of a URL that flows into nd.

Classes

AttributeWriteUrlSink

A write of an attribute which may execute JavaScript code or exfiltrate data to an attacker-controlled site.

DocumentUrl

A flow label for values that represent the URL of the current document, and hence are only partially user-controlled.

ImportScriptsSink

An argument to importScripts(..), which is used inside WebWorkers to import new scripts, viewed as a ScriptUrlSink.

LocationSink

A sink which is used to set the window location.

QueryPrefixSanitizer

A sanitizer that reads the first part of a location split by “?”, e.g. location.href.split('?')[0].

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for unvalidated URL redirects.

Sanitizer

A sanitizer for unvalidated URL redirect vulnerabilities.

ScriptUrlSink

An expression that may be interpreted as the URL of a script.

Sink

A data flow sink for unvalidated URL redirect vulnerabilities.

Source

A data flow source for unvalidated URL redirect vulnerabilities.

SrcAttributeUrlSink

A script or iframe src attribute, viewed as a ScriptUrlSink.

WebWorkerScriptUrlSink

An argument expression to new Worker(...), viewed as a ScriptUrlSink.