CodeQL library for C#
codeql/csharp-all 3.0.1 (changelog, source)
Search

Module CodeInjectionQuery

Provides a taint-tracking configuration for reasoning about user input treated as code vulnerabilities.

Import path

import semmle.code.csharp.security.dataflow.CodeInjectionQuery

Imports

csharp

The default C# QL library.

Classes

CompileAssemblyFromSourceSink

A source argument to a call to ICodeCompiler.CompileAssemblyFromSource* which is a sink for code injection vulnerabilities.

LocalSource

DEPRECATED: Use ThreatModelSource instead.

RemoteSource

DEPRECATED: Use ThreatModelSource instead.

RoslynCSharpScriptSink

A code argument to a call to a method on CSharpScript.

Sanitizer

A sanitizer for user input treated as code vulnerabilities.

Sink

A data flow sink for user input treated as code vulnerabilities.

Source

A data flow source for user input treated as code vulnerabilities.

ThreatModelSource

A source supported by the current threat model.

Aliases

CodeInjection

A taint-tracking module for user input treated as code vulnerabilities.