CodeQL library for JavaScript
Search

Module ClientSideUrlRedirect

Import path

import semmle.javascript.security.dataflow.ClientSideUrlRedirectCustomizations

Predicates

untrustedUrlSubstring

Holds if substring refers to a substring of base which is considered untrusted when base is the current URL.

Classes

AttributeWriteUrlSink

A write of an attribute which may execute JavaScript code or exfiltrate data to an attacker controlled site.

DocumentUrl

A flow label for values that represent the URL of the current document, and hence are only partially user-controlled.

HistoryWriteUrlSink

A write to the location using the history library

ImportScriptsSink

An argument to importScripts(..) - which is used inside WebWorkers to import new scripts - viewed as a ScriptUrlSink.

LocationSink

A sink which is used to set the window location.

NextRoutePushUrlSink

A call to change the current url with a Next.js router.

ReactAttributeWriteUrlSink

A write to an React attribute which may execute JavaScript code.

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for unvalidated URL redirects.

Sanitizer

A sanitizer for unvalidated URL redirect vulnerabilities.

ScriptUrlSink

An expression that may be interpreted as the URL of a script.

Sink

A data flow sink for unvalidated URL redirect vulnerabilities.

Source

A data flow source for unvalidated URL redirect vulnerabilities.

SrcAttributeUrlSink

A script or iframe src attribute, viewed as a ScriptUrlSink.

WebWorkerScriptUrlSink

An argument expression to new Worker(...), viewed as a ScriptUrlSink.

Aliases

queryAccess

DEPRECATED. Can usually be replaced with untrustedUrlSubstring. Query accesses via location.hash or location.search are now independent RemoteFlowSource instances, and only substrings of location need to be handled via steps.