Import path
import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsCustomizations
Classes
CorsOriginHeaderWithAssociatedCredentialHeader | The value of an “Access-Control-Allow-Origin” HTTP header with an associated “Access-Control-Allow-Credentials” HTTP header with a truthy value. |
NullToStringValue | A value that is or coerces to the string “null”. This is considered a source because the “null” origin is easy to obtain for an attacker. |
RemoteFlowSourceAsSource | DEPRECATED: Use |
Sanitizer | A sanitizer for CORS misconfiguration for credentials transfer. |
Sink | A data flow sink for CORS misconfiguration for credentials transfer. |
Source | A data flow source for CORS misconfiguration for credentials transfer. |