Import path
import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsCustomizations
Classes
CorsOriginHeaderWithAssociatedCredentialHeader |
The value of an “Access-Control-Allow-Origin” HTTP header with an associated “Access-Control-Allow-Credentials” HTTP header with a truthy value. |
NullToStringValue |
A value that is or coerces to the string “null”. This is considered a source because the “null” origin is easy to obtain for an attacker. |
RemoteFlowSourceAsSource |
A source of remote user input, considered as a flow source for CORS misconfiguration. |
Sanitizer |
A sanitizer for CORS misconfiguration for credentials transfer. |
Sink |
A data flow sink for CORS misconfiguration for credentials transfer. |
Source |
A data flow source for CORS misconfiguration for credentials transfer. |