Module UrlRedirect::UrlRedirect

Imports

AspNetCore

Provides classes for working with Microsoft.AspNetCore.Mvc.

Guards

Provides classes for working with guarded expressions.

Mvc

Provides definitions related to the namespace System.Web.Mvc.

Remote

Provides classes representing data flow sources for remote user input.

Sanitizers

Provides classes for identifying expressions that might be sanitized.

Web

Provides definitions related to the namespace System.Web.

Classes

AspNetCoreLocationHeaderSink

Anything that is setting “location” header in the response headers.

AspNetCoreRedirectSink

A URL argument to a call to HttpResponse.Redirect() or Controller.Redirect(), that is a sink for URL redirects.

ConcatenationSanitizer

A string concatenation expression, where the left hand side contains the character “?”.

HttpServerTransferSink

A path argument to a call to HttpServerUtility.Transfer.

IsLocalUrlSanitizer

A URL argument to a call to UrlHelper.isLocalUrl() that is a sanitizer for URL redirects.

LocationHeaderSink

A value argument to a call to AddHeader or AppendHeader that adds the Location.

RawUrlSanitizer

A call to the getter of the RawUrl property, whose value is considered to be safe for URL redirects.

RedirectSink

A URL argument to a call to HttpResponse.Redirect() or Controller.Redirect(), that is a sink for URL redirects.

RemoteSource

A source of remote user input.

Sanitizer

A sanitizer for unvalidated URL redirect vulnerabilities.

Sink

A data flow sink for unvalidated URL redirect vulnerabilities.

Source

A data flow source for unvalidated URL redirect vulnerabilities.

TaintTrackingConfiguration

A taint-tracking configuration for reasoning about unvalidated URL redirect vulnerabilities.

UrlEncodeSanitizer

A call to an URL encoder.