Module CodeInjectionQuery

Provides a taint-tracking configuration for reasoning about user input treated as code vulnerabilities.

Import path

import semmle.code.csharp.security.dataflow.CodeInjectionQuery

The default C# QL library.

CompileAssemblyFromSourceSink	A `source` argument to a call to `ICodeCompiler.CompileAssemblyFromSource*` which is a sink for code injection vulnerabilities.
LocalSource	A source of local user input.
RemoteSource	A source of remote user input.
RoslynCSharpScriptSink	A `code` argument to a call to a method on `CSharpScript`.
Sanitizer	A sanitizer for user input treated as code vulnerabilities.
Sink	A data flow sink for user input treated as code vulnerabilities.
Source	A data flow source for user input treated as code vulnerabilities.
TaintTrackingConfiguration	DEPRECATED: Use `CodeInjection` instead.

A taint-tracking module for user input treated as code vulnerabilities.