For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

UrlConcatenation

Import path
Imports
Predicates
Classes

Module UrlConcatenation

Provides a class for detecting string concatenations involving the characters ? and #, which are considered sanitizers for the URL redirection queries.

Import path


                                import semmle.javascript.security.dataflow.UrlConcatenation

Imports

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

hostnameSanitizingPrefixEdge	Holds if data that flows from `source` to `sink` cannot affect the hostname or scheme of the resulting string when interpreted as a URL.
sanitizingPrefixEdge	Holds if data that flows from `source` to `sink` cannot affect the path or earlier part of the resulting string when interpreted as a URL.

Classes

HostnameSanitizerGuard

A check that sanitizes the hostname of a URL.