Import path
import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsCustomizationsClasses
| CorsOriginHeaderWithAssociatedCredentialHeader | The value of an “Access-Control-Allow-Origin” HTTP header with an associated “Access-Control-Allow-Credentials” HTTP header with a truthy value. |
| NullToStringValue | A value that is or coerces to the string “null”. This is considered a source because the “null” origin is easy to obtain for an attacker. |
| RemoteFlowSourceAsSource | A source of remote user input, considered as a flow source for CORS misconfiguration. |
| Sanitizer | A sanitizer for CORS misconfiguration for credentials transfer. |
| Sink | A data flow sink for CORS misconfiguration for credentials transfer. |
| Source | A data flow source for CORS misconfiguration for credentials transfer. |