Module TaintTracking
Provides classes for modeling taint propagation.
Import path
import javascript
Predicates
arrayStep | Holds if |
deserializeStep | Holds if |
heapStep | Holds if |
isNumberGuard | Holds if |
isStringTypeGuard | A test for the value of |
isTypeofGuard | Holds if |
isUrlSearchParams | Holds if |
persistentStorageStep | Holds if |
promiseStep | Holds if |
serializeStep | Holds if |
sharedTaintStep | Holds if |
stringConcatenationStep | Holds if |
stringManipulationStep | Holds if |
uriStep | Holds if |
viewComponentStep | Holds if |
Classes
AdHocWhitelistCheckSanitizer | A check of the form |
AdditionalSanitizerGuardNode | A |
Configuration | A data flow tracking configuration that considers taint propagation through objects, arrays, promises and strings in addition to standard data flow. |
ErrorConstructorTaintStep | A taint step through an exception constructor, such as |
InSanitizer | A check of the form |
IsEmptyGuard | A test of the form |
LabeledSanitizerGuardNode | A sanitizer guard node that only blocks specific flow labels. |
MembershipTestSanitizer | A check of the form |
PositiveIndexOfSanitizer | A check of the form |
SanitizerGuardNode | A node that can act as a sanitizer when appearing in a condition. |
SanitizingRegExpTest | A conditional checking a tainted string against a regular expression, which is considered to be a sanitizer for all configurations. |
SharedTaintStep | A taint-propagating data flow edge that should be added to all taint tracking configurations in addition to standard data flow edges. |
StringConcatenationTaintStep | A taint-propagating data flow edge arising from string concatenations. |
TypeOfUndefinedSanitizer | A check of the form |
UndefinedCheckSanitizer | A check of the form |
UtilInspectTaintStep | A taint step through the Node.js function |
WhitelistContainmentCallSanitizer | A check of the form |