CodeQL library for C#
codeql/csharp-all 0.9.0 (changelog, source)
Search

Module TaintedPathQuery

Provides a taint-tracking configuration for reasoning about uncontrolled data in path expression vulnerabilities.

Import path

import semmle.code.csharp.security.dataflow.TaintedPathQuery

Imports

csharp

The default C# QL library.

Classes

DirectorySink

A path argument to a Directory method call.

FileCreateSink

A path argument to a File method call.

FileStreamSink

A path argument to a FileStream constructor call.

PathCheck

A conditional involving the path, that is not considered to be a weak check.

RemoteSource

DEPRECATED: Use ThreatModelSource instead.

RequestMapPathSanitizer

A call to HttpRequest.MapPath that is considered to sanitize the input.

Sanitizer

A sanitizer for uncontrolled data in path expression vulnerabilities.

Sink

A data flow sink for uncontrolled data in path expression vulnerabilities.

Source

A data flow source for uncontrolled data in path expression vulnerabilities.

StreamWriterTaintedPathSink

A path argument to a StreamWriter constructor call.

TaintTrackingConfiguration

DEPRECATED: Use TaintedPath instead.

ThreatModelSource

A source supported by the current threat model.

Aliases

TaintedPath

A taint-tracking module for uncontrolled data in path expression vulnerabilities.