Module ServerSideUrlRedirect

Provides a taint-tracking configuration for reasoning about unvalidated URL redirection problems on the server side.

Import path

semmle.javascript.security.dataflow.ServerSideUrlRedirect

Imports

RemoteFlowSources

Provides a class for modelling sources of remote user input.

UrlConcatenation

Provides a class for detecting string concatenations involving the characters ? and #, which are considered sanitizers for the URL redirection queries.

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Modules

Aliases

ServerSideUrlRedirectDataFlowConfiguration

DEPRECATED: Use ServerSideUrlRedirect::Configuration instead.

ServerSideUrlRedirectSanitizer

DEPRECATED: Use ServerSideUrlRedirect::Sanitizer instead.

ServerSideUrlRedirectSink

DEPRECATED: Use ServerSideUrlRedirect::Sink instead.

ServerSideUrlRedirectSource

DEPRECATED: Use ServerSideUrlRedirect::Source instead.