CodeQL library for C#
codeql/csharp-all 1.0.1 (changelog, source)
Search

Module RegexInjectionQuery

Provides a taint-tracking configuration for reasoning about untrusted user input used to construct regular expressions.

Import path

import semmle.code.csharp.security.dataflow.RegexInjectionQuery

Imports

csharp

The default C# QL library.

Classes

RegexEscapeSanitizer

A call to Regex.Escape that sanitizes the user input for use in a regex.

RegexObjectCreationSink

A pattern argument to a construction of a Regex.

RemoteSource

DEPRECATED: Use ThreatModelSource instead.

Sanitizer

A sanitizer for untrusted user input used to construct regular expressions.

Sink

A data flow sink for untrusted user input used to construct regular expressions.

Source

A data flow source for untrusted user input used to construct regular expressions.

TaintTrackingConfiguration

DEPRECATED: Use RegexInjection instead.

ThreatModelSource

A source supported by the current threat model.

Aliases

RegexInjection

A taint-tracking module for untrusted user input used to construct regular expressions.