Module CorsMisconfigurationForCredentials::CorsMisconfigurationForCredentials

Classes

Configuration

A data flow configuration for CORS misconfiguration for credentials transfer.

CorsOriginHeaderWithAssociatedCredentialHeader

The value of an “Access-Control-Allow-Origin” HTTP header with an associated “Access-Control-Allow-Credentials” HTTP header with a truthy value.

NullToStringValue

A value that is or coerces to the string “null”. This is considered a source because the “null” origin is easy to obtain for an attacker.

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for CORS misconfiguration.

Sanitizer

A sanitizer for CORS misconfiguration for credentials transfer.

Sink

A data flow sink for CORS misconfiguration for credentials transfer.

Source

A data flow source for CORS misconfiguration for credentials transfer.