CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.3 (changelog, source)
Index
Search

Module RequestForgeryQuery

Provides a taint-tracking configuration for reasoning about request forgery.

Note, for performance reasons: only import this file if RequestForgery::Configuration is needed, otherwise RequestForgeryCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.RequestForgeryQuery

Imports

RequestForgery
UrlConcatenation

Provides a class for detecting string concatenations involving the characters ? and #, which are considered sanitizers for the URL redirection queries.

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

Configuration

DEPRECATED. Use the RequestForgeryFlow module instead.

Modules

RequestForgeryConfig

A taint tracking configuration for server-side request forgery.

Aliases

RequestForgeryFlow

Taint tracking for server-side request forgery.