CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.1.2-dev (changelog, source)
Search

Module CorsMisconfigurationForCredentials

Import path

import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsCustomizations

Classes

CorsOriginHeaderWithAssociatedCredentialHeader

The value of an “Access-Control-Allow-Origin” HTTP header with an associated “Access-Control-Allow-Credentials” HTTP header with a truthy value.

NullToStringValue

A value that is or coerces to the string “null”. This is considered a source because the “null” origin is easy to obtain for an attacker.

RemoteFlowSourceAsSource

DEPRECATED: Use ActiveThreatModelSource from Concepts instead!

Sanitizer

A sanitizer for CORS misconfiguration for credentials transfer.

Sink

A data flow sink for CORS misconfiguration for credentials transfer.

Source

A data flow source for CORS misconfiguration for credentials transfer.