CodeQL library for C#
codeql/csharp-all 5.1.9 (changelog, source)
Search

Module XpathInjectionConfig

A taint-tracking configuration for untrusted user input used in XPath expression.

Import path

import semmle.code.csharp.security.dataflow.XPathInjectionQuery

Predicates

isBarrier

Holds if data flow through node is prohibited. This completely removes node from the data flow graph.

isSink

Holds if sink is a relevant data flow sink.

isSource

Holds if source is a relevant data flow source.

observeDiffInformedIncrementalMode

Holds if sources and sinks should be filtered to only include those that may lead to a flow path with either a source or a sink in the location range given by AlertFiltering. This only has an effect when running in diff-informed incremental mode.