CodeQL library for C#
codeql/csharp-all 5.3.0 (changelog, source)
Index
Search

Module MissingXMLValidationQuery

Provides a taint-tracking configuration for reasoning about untrusted user input processed as XML without validation against a known schema.

Import path

import semmle.code.csharp.security.dataflow.MissingXMLValidationQuery

Imports

csharp

The default C# QL library.

Classes

RemoteSource

DEPRECATED: Use ActiveThreatModelSource instead.

Sanitizer

A sanitizer for untrusted user input processed as XML without validation against a known schema.

Sink

A data flow sink for untrusted user input processed as XML without validation against a known schema.

Source

A data flow source for untrusted user input processed as XML without validation against a known schema.

ThreatModelSource

A source supported by the current threat model.

XmlReaderCreateCallSink

The input argument to a call to XmlReader.Create where the input will not be validated against a schema.

Aliases

MissingXmlValidation

A taint-tracking module for untrusted user input processed as XML without validation against a known schema.