CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.7.2 (changelog, source)
Index
Search

Module ClientSideRequestForgeryQuery

Provides a taint-tracking configuration for reasoning about client-side request forgery.

Note, for performance reasons: only import this file if the Configuration class is needed, otherwise RequestForgeryCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.ClientSideRequestForgeryQuery

Imports

RequestForgery
UrlConcatenation

Provides a class for detecting string concatenations involving the characters ? and #, which are considered sanitizers for the URL redirection queries.

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

Configuration

DEPRECATED. Use the ClientSideRequestForgeryFlow module instead.

Modules

ClientSideRequestForgeryConfig

A taint tracking configuration for client-side request forgery.

Aliases

ClientSideRequestForgeryFlow

Taint tracking for client-side request forgery.