CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.13

Module UrlConcatenation

Provides a class for detecting string concatenations involving the characters ? and #, which are considered sanitizers for the URL redirection queries.

Import path

import semmle.javascript.security.dataflow.UrlConcatenation

Imports

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

hostnameSanitizingPrefixEdge

Holds if data that flows from source to sink cannot affect the hostname or scheme of the resulting string when interpreted as a URL.

sanitizingPrefixEdge

Holds if data that flows from source to sink cannot affect the path or earlier part of the resulting string when interpreted as a URL.
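The following JavaScript is an added illustration, not part of the CodeQL library or its documentation. It shows the effect the two predicates above describe: depending on where a fixed prefix ends, appended data can or cannot change the origin (scheme and hostname) or the path of the parsed URL. The names BASE, SAMPLE_SUFFIXES, parse and affectedParts, and all hosts and strings, are constructed for this example.

```javascript
// Added illustration; not the CodeQL implementation of these predicates.
// All hosts, prefixes and suffixes below are constructed sample values.
const BASE = "https://app.example/"; // assumed page URL for resolving relative strings

// Constructed stand-ins for untrusted data appended to a fixed prefix.
const SAMPLE_SUFFIXES = ["", "/account", "x?y#z", ".other.example/",
                         "@other.example/", "//other.example/"];

// Parse with the WHATWG URL parser; null when the string is not a valid URL.
function parse(str) {
  try {
    const u = new URL(str, BASE);
    return { origin: u.protocol + "//" + u.host, path: u.pathname };
  } catch {
    return null;
  }
}

// Report which parts of the parsed URL change for at least one sample suffix.
function affectedParts(prefix) {
  const ref = parse(prefix);
  if (ref === null) return { origin: true, path: true };
  const parts = { origin: false, path: false };
  for (const suffix of SAMPLE_SUFFIXES) {
    const got = parse(prefix + suffix);
    if (got === null || got.origin !== ref.origin) parts.origin = true;
    if (got === null || got.path !== ref.path) parts.path = true;
  }
  return parts;
}

// Constructed prefixes: bare host, host with "/", and prefixes ending after "?" or "#".
for (const prefix of ["https://example.com", "https://example.com/",
                      "https://example.com/?next=", "https://example.com/home#",
                      "/login?return="]) {
  console.log(JSON.stringify(prefix), affectedParts(prefix));
}
```

A handful of sample suffixes shows the effect but does not prove a prefix safe; it only makes visible why a prefix containing ? or # fixes everything before the query or fragment.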

Classes

HostnameSanitizerGuard

A check that sanitizes the hostname of a URL.