CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.13 (changelog, source)
Index
Search

Module ServerSideUrlRedirectQuery

Provides a taint-tracking configuration for reasoning about unvalidated URL redirection problems on the server side.

Note, for performance reasons: only import this file if ServerSideUrlRedirect::Configuration is needed, otherwise ServerSideUrlRedirectCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.ServerSideUrlRedirectQuery

Imports

RemoteFlowSources

Provides a class for modeling sources of remote user input.

ServerSideUrlRedirect
UrlConcatenation

Provides a class for detecting string concatenations involving the characters ? and #, which are considered sanitizers for the URL redirection queries.

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

Configuration

A taint-tracking configuration for reasoning about unvalidated URL redirections.

LocalUrlSanitizingGuard

A call to a function called isLocalUrl or similar, which is considered to sanitize a variable for purposes of URL redirection.