CodeQL library for Go
codeql/go-all 2.1.3-dev

Class SharedXss::MetacharEscapeSanitizer

A regexp replacement involving an HTML meta-character, or a call to an escape function, viewed as a sanitizer for XSS vulnerabilities.

The XSS queries do not attempt to reason about correctness or completeness of sanitizers, so any such call stops taint propagation.
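What that means for code review, as an added Go example that is not part of the CodeQL library: two escapers that would both end taint tracking, assuming the regexp replacement below fits the class description above, although only one is safe inside a quoted attribute. `partialEscape`, `renderAttr`, `attrIntact` and the sample input are constructed for illustration.

```go
package main

import (
	"fmt"
	"html"
	"regexp"
	"strings"
)

var (
	lt = regexp.MustCompile(`<`)
	gt = regexp.MustCompile(`>`)
)

// partialEscape is a hypothetical hand-written sanitizer. It is a regexp
// replacement involving HTML meta-characters, but it leaves quotes and
// ampersands untouched.
func partialEscape(s string) string {
	return gt.ReplaceAllString(lt.ReplaceAllString(s, "&lt;"), "&gt;")
}

// renderAttr places an already-escaped value inside a double-quoted attribute.
func renderAttr(escaped string) string {
	return `<input value="` + escaped + `">`
}

// attrIntact reports whether the only raw double quotes in the tag are the
// two that delimit the attribute value.
func attrIntact(tag string) bool {
	return strings.Count(tag, `"`) == 2
}

func main() {
	sample := `x" data-note="y` // constructed input
	for name, esc := range map[string]func(string) string{
		"partialEscape":     partialEscape,
		"html.EscapeString": html.EscapeString,
	} {
		tag := renderAttr(esc(sample))
		fmt.Printf("%-18s %-45s intact=%v\n", name, tag, attrIntact(tag))
	}
}
```

Because the query treats both calls alike, a clean XSS result does not show that a custom escaper covers the output context; hand-written replacements still need manual review.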

Import path

import semmle.go.security.Xss

Direct supertypes

Indirect supertypes

Inherited fields

Inherited predicates

asExpr

Gets the expression corresponding to this node, if any.

from ExprNode
asInstruction

Gets the IR instruction corresponding to this node, if any.

from InstructionNode
asParameter

Gets the parameter corresponding to this node, if any.

from Node
getACallee

As getACalleeIncludingExternals, except excluding external functions (those for which we lack a definition, such as standard library functions).

from CallNode
getACalleeIncludingExternals

Gets the definition of a possible target of this call.

from CallNode
getACalleeWithoutVirtualDispatch

Gets the definition of a possible target of this call, excluding targets reachable via virtual dispatch.

from CallNode
getAPredecessor

Gets a data-flow node from which data may flow to this node in one (intra-procedural) step.

from Node
getAResult

Gets a result of this call.

from CallNode
getASuccessor

Gets a data-flow node to which data may flow from this node in one (intra-procedural) step.

from Node
getASyntacticArgument

Gets a data flow node corresponding to an argument of this call, where tuple extraction has been done but arguments corresponding to a variadic parameter are still considered separate.

from CallNode
getAnArgument

Gets the data flow node corresponding to an argument of this call.

from CallNode
getAnImplicitVarargsArgument

Gets an argument without an ellipsis after it which is passed to the varargs parameter of the target of this call (if there is one).

from CallNode
getArgument

Gets the data flow node corresponding to the ith argument of this call.

from CallNode
getBasicBlock

Gets the basic block to which this data-flow node belongs, if any.

from Node
getBoolValue

Gets the Boolean value this data-flow node contains, if any.

from Node
getCall

Gets the underlying call.

from CallNode
getCallback

Gets a function passed as the ith argument of this call.

from CallNode
getCalleeName

Gets the name of the function, method or variable that is being called.

from CallNode
getCalleeNode

Gets the data flow node specifying the function to be called.

from CallNode
getEnclosingCallable

INTERNAL: Use getRoot() instead.

from Node
getEndColumn

Gets the end column of the location of this node.

from Node
getEndLine

Gets the end line of the location of this node.

from Node
getExactValue

Gets the string representation of the exact value this data-flow node contains, if any.

from Node
getExpr

Gets the underlying expression this node corresponds to.

from ExprNode
getFile

Gets the file in which this node appears.

from Node
getFloatValue

Gets the floating-point value this data-flow node contains, if any.

from Node
getImplicitVarargsArgument

Gets the ith argument without an ellipsis after it which is passed to the varargs parameter of the target of this call (if there is one).

from CallNode
getIntValue

Gets the integer value this data-flow node contains, if any.

from Node
getLocation

Gets the location of this node.

from Node
getNodeKind

Gets a textual representation of the kind of this data-flow node.

from InstructionNode
getNumArgument

Gets the number of arguments of this call, if it can be determined.

from CallNode
getNumericValue

Gets either getFloatValue or getIntValue.

from Node
getReceiver

Gets the data flow node corresponding to the receiver of this call, if any.

from CallNode
getResult

Gets the data-flow node corresponding to the result of this call.

from CallNode
getResult

Gets the data-flow node corresponding to the ith result of this call.

from CallNode
getRoot

Gets the function to which this node belongs.

from InstructionNode
getStartColumn

Gets the start column of the location of this node.

from Node
getStartLine

Gets the start line of the location of this node.

from Node
getStringValue

Gets the string value this data-flow node contains, if any.

from Node
getSyntacticArgument

Gets the ith argument of this call, where tuple extraction has been done but arguments corresponding to a variadic parameter are still considered separate.

from CallNode
getTarget

Gets the declared target of this call, if it exists.

from CallNode
getType

Gets the type of this node.

from InstructionNode
getTypeBound

Gets an upper bound on the type of this node.

from Node
hasComplexValue

Holds if the complex value this data-flow node contains has real part real and imaginary part imag.

from Node
hasEllipsis

Holds if this call has an ellipsis after its last argument.

from CallNode
hasLocationInfo

Holds if this element is at the specified location. The location spans column startcolumn of line startline to column endcolumn of line endline in file filepath. For more information, see Locations.

from InstructionNode
isConst

Holds if the value of this data-flow node is known at compile time.

from Node
isPlatformIndependentConstant

Holds if the result of this instruction is known at compile time, and is guaranteed not to depend on the platform where it is evaluated.

from Node
toString

Gets a textual representation of this element.

from InstructionNode

Charpred