Module CodeInjectionQuery

Provides a taint-tracking configuration for reasoning about user input treated as code vulnerabilities.

Import path

import semmle.code.csharp.security.dataflow.CodeInjectionQuery

The default C# QL library.

CompileAssemblyFromSourceSink	A `source` argument to a call to `ICodeCompiler.CompileAssemblyFromSource*` which is a sink for code injection vulnerabilities.
LocalSource	DEPRECATED: Use `ThreatModelSource` instead.
RemoteSource	DEPRECATED: Use `ThreatModelSource` instead.
RoslynCSharpScriptSink	A `code` argument to a call to a method on `CSharpScript`.
Sanitizer	A sanitizer for user input treated as code vulnerabilities.
Sink	A data flow sink for user input treated as code vulnerabilities.
Source	A data flow source for user input treated as code vulnerabilities.
ThreatModelSource	A source supported by the current threat model.

A taint-tracking module for user input treated as code vulnerabilities.