CodeQL library for C#
codeql/csharp-all 0.8.12 (changelog, source)
Class Sink

A data flow sink for untrusted user input processed as XML without validation against a known schema.

Import path

import semmle.code.csharp.security.dataflow.MissingXMLValidationQuery

Direct supertypes

Indirect supertypes

Known direct subtypes

Predicates

getReason

Gets a string describing the reason why this is a sink.

Inherited predicates

asDefinition

Gets the definition corresponding to this node, if any.

from Node

asDefinitionAtNode

Gets the definition corresponding to this node, at control flow node cfn, if any.

from Node

asExpr

Gets the expression corresponding to this node, if any.

from Node

asExprAtNode

Gets the expression corresponding to this node, at control flow node cfn, if any.

from Node

asParameter

Gets the parameter corresponding to this node, if any.

from Node

getControlFlowNode

Gets the control flow node corresponding to this node, if any.

from Node

getEnclosingCallable

Gets the enclosing callable of this node.

from Node

getExpr

Gets the expression corresponding to this node.

from ExprNode

getExprAtNode

Gets the expression corresponding to this node, at control flow node cfn, if any.

from ExprNode

getLocation

Gets the location of this node.

from Node

getType

Gets the type of this node.

from Node

hasLocationInfo

Holds if this element is at the specified location. The location spans column startcolumn of line startline to column endcolumn of line endline in file filepath. For more information, see Locations.

from Node

toString

Gets a textual representation of this node.

from Node