CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.14 (changelog, source)
Index
Search

Class TaintTracking::LegacyTaintStep

A taint-propagating data flow edge that should be used with the old data flow library.

This class is a singleton, and thus subclasses do not need to specify a characteristic predicate.

Note: For performance reasons, all subclasses of this class should be part of the standard library. Override Configuration::isAdditionalTaintStep for analysis-specific taint steps.

This class has multiple kinds of step predicates; these all have the same effect on taint-tracking configurations. However, the categorization of steps allows some data-flow configurations to opt in to specific kinds of taint steps.

Import path

import javascript

Direct supertypes

Indirect supertypes

Known direct subtypes

    Predicates

    arrayStep

    Holds if predsucc should be considered a taint-propagating data flow edge through arrays.

    deserializeStep

    Holds if predsucc should be considered a taint-propagating data flow edge through data deserialization, such as JSON.parse.

    heapStep

    Holds if predsucc should be considered a taint-propagating data flow edge through the heap.

    heuristicStep

    Holds if predsucc should be considered a taint-propagating data flow edge contributed by the heuristics library.

    persistentStorageStep

    Holds if predsucc should be considered a taint-propagating data flow edge through persistent storage.

    promiseStep

    Holds if predsucc should be considered a taint-propagating data flow edge through a promise.

    serializeStep

    Holds if predsucc should be considered a taint-propagating data flow edge through data serialization, such as JSON.stringify.

    step

    Holds if predsucc should be considered a taint-propagating data flow edge.

    stringConcatenationStep

    Holds if predsucc should be considered a taint-propagating data flow edge through string concatenation.

    stringManipulationStep

    Holds if predsucc should be considered a taint-propagating data flow edge through string manipulation (other than concatenation).

    uriStep

    Holds if predsucc should be considered a taint-propagating data flow edge through URI manipulation.

    viewComponentStep

    Holds if predsucc should be considered a taint-propagating data flow edge through the state or props or a React component.

    Inherited predicates

    toString

    Gets a textual representation of this element.

    		from Unit