Import path
import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsCustomizations
Classes
| CorsOriginHeaderWithAssociatedCredentialHeader |
The value of an “Access-Control-Allow-Origin” HTTP header with an associated “Access-Control-Allow-Credentials” HTTP header with a truthy value. |
| NullToStringValue |
A value that is or coerces to the string “null”. This is considered a source because the “null” origin is easy to obtain for an attacker. |
| RemoteFlowSourceAsSource |
A source of remote user input, considered as a flow source for CORS misconfiguration. |
| Sanitizer |
A sanitizer for CORS misconfiguration for credentials transfer. |
| Sink |
A data flow sink for CORS misconfiguration for credentials transfer. |
| Source |
A data flow source for CORS misconfiguration for credentials transfer. |