CodeQL library for Python
codeql/python-all 1.0.6 (changelog, source)

Module HttpHeaderInjection

Provides default sources, sinks, and sanitizers for detecting “HTTP Header injection” vulnerabilities, as well as extension points for adding your own.

Import path

import semmle.python.security.dataflow.HttpHeaderInjectionCustomizations

Classes

HeaderWriteAsSink

An HTTP header write, considered as a flow sink.

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source.

ReplaceLineBreaksSanitizer

A call to replace line breaks, considered as a sanitizer.

Sanitizer

A data flow sanitizer for “HTTP Header injection” vulnerabilities.

Sink

A data flow sink for “HTTP Header injection” vulnerabilities.

Source

A data flow source for “HTTP Header injection” vulnerabilities.
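
The three roles this module models (remote input as a source, a header write as a sink, a line-break replacement as a sanitizer) are shown below in Python application code. This is an added example, not code from the CodeQL library: the WSGI handlers, function names and sample request are constructed, and whether CodeQL's framework models recognize these exact calls is an assumption.

```python
"""Constructed WSGI handlers showing the source, sink and sanitizer roles."""
from urllib.parse import parse_qs


def _lang_param(environ):
    # Source: a query-string value supplied by the remote client.
    return parse_qs(environ.get("QUERY_STRING", "")).get("lang", ["en"])[0]


def strip_line_breaks(value):
    # Sanitizer: remove CR and LF so the value cannot terminate the header line.
    return value.replace("\r", "").replace("\n", "")


def unsafe_app(environ, start_response):
    lang = _lang_param(environ)
    # Sink: remote input written to a response header unchanged.
    start_response("200 OK", [("Content-Language", lang)])
    return [b"ok"]


def safe_app(environ, start_response):
    lang = strip_line_breaks(_lang_param(environ))
    # Same sink, but the value passed through the line-break replacement first.
    start_response("200 OK", [("Content-Language", lang)])
    return [b"ok"]


def emitted_headers(app, query_string):
    """Call a WSGI app directly and return the headers it tried to set."""
    captured = {}

    def start_response(status, headers):
        captured["headers"] = dict(headers)

    app({"QUERY_STRING": query_string, "REQUEST_METHOD": "GET"}, start_response)
    return captured["headers"]


def has_line_break(headers):
    # True if any header value still carries a CR or LF character.
    return any("\r" in v or "\n" in v for v in headers.values())


# Constructed request: %0d%0a decodes to CR LF inside the parameter value.
SAMPLE_QUERY = "lang=en%0d%0aX-Constructed:%201"

if __name__ == "__main__":
    print("unsafe:", emitted_headers(unsafe_app, SAMPLE_QUERY))
    print("safe:  ", emitted_headers(safe_app, SAMPLE_QUERY))
```

A query over this module would be expected to report the flow in `unsafe_app` and treat the `replace` calls in `safe_app` as cutting it, subject to the assumption stated above.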