CodeQL library for C#
codeql/csharp-all 1.0.3-dev (changelog, source)
Search

Module ReDoSQuery

Provides a taint-tracking configuration for reasoning about untrusted user input used in dangerous regular expression operations.

Import path

import semmle.code.csharp.security.dataflow.ReDoSQuery

Imports

csharp

The default C# QL library.

Predicates

isExponentialRegex

An expression that represents a regular expression with potential exponential behavior.

Classes

ExponentialRegexDataflow

DEPRECATED: Use ExponentialRegexDataflow instead.

ExponentialRegexSink

An expression passed as the input to a call to a Regex method, where the regex appears to have exponential behavior.

RemoteSource

DEPRECATED: Use ThreatModelSource instead.

Sanitizer

A sanitizer for untrusted user input used in dangerous regular expression operations.

Sink

A data flow sink for untrusted user input used in dangerous regular expression operations.

Source

A data flow source for untrusted user input used in dangerous regular expression operations.

TaintTrackingConfiguration

DEPRECATED: Use ReDoS instead.

ThreatModelSource

A source supported by the current threat model.

Aliases

ExponentialRegexDataFlow

Constructs a global data flow computation.

ReDoS

A taint-tracking module for untrusted user input used in dangerous regular expression operations.