Module TaintTracking

Holds if pred -> succ is a taint propagating data flow edge through an array.

Holds if node is seen as a barrier for taint-tracking.

Holds if there is a taint step from node1 to node2.

Holds if pred → succ should be considered a taint-propagating data flow edge through data deserialization, such as JSON.parse.

Holds if pred -> succ is a taint propagating data flow edge through the heap.

Holds if guard is a test that checks if operand is a number.

A test for the value of typeof x, restricting the potential types of x.

Holds if test is a guard that checks if operand is typeof tag.

Holds if params is a construction of a URLSearchParams that parses the parameters in input.

Holds if pred -> succ is a taint propagating data flow edge through persistent storage.

Holds if pred → succ should be considered a taint-propagating data flow edge through a promise.

Holds if pred → succ should be considered a taint-propagating data flow edge through data serialization, such as JSON.stringify.

Holds if pred -> succ is an edge used by all taint-tracking configurations in the old data flow library.

Holds if pred -> succ is a taint propagating data flow edge through string concatenation.

Holds if pred -> succ is a taint propagating data flow edge through string manipulation (other than concatenation).

Holds if pred → succ should be considered a taint-propagating data flow edge through a URI library function.

Holds if pred -> succ is a taint propagating data flow edge through the properties of a view compenent, such as the state or props of a React component.

A check of the form if(<isWhitelisted>(x)), which sanitizes x in its “then” branch.

A barrier guard that applies to all taint-tracking configurations.

DEPRECATED. This class was part of the old data flow library which is now deprecated. Use TaintTracking::AdditionalBarrierGuard instead.

A taint-propagating data flow edge that should be added to all taint tracking configurations, but only those that use the new data flow library.

DEPRECATED. Subclasses of this class should be replaced by a module implementing the new ConfigSig or StateConfigSig interface. See the migration guide for more details.

A taint step through an exception constructor, such as x to new Error(x).

A check of the form if(x in o), which sanitizes x in its “then” branch.

A test of form x.length === "0", preventing x from being tainted.

A sanitizer guard node that only blocks specific flow labels.

A taint-propagating data flow edge that should be used with the old data flow library.

A check of the form whitelist.includes(x) or equivalent, which sanitizes x in its “then” branch.

A check of form x.indexOf(y) > 0 or similar, which sanitizes y in the “then” branch.

A node that can act as a sanitizer when appearing in a condition.

A conditional checking a tainted string against a regular expression, which is considered to be a sanitizer for all configurations.

A taint-propagating data flow edge that should be added to all taint tracking configurations in addition to standard data flow edges.

A taint propagating data flow edge arising from string concatenations.

A check of the form type x === "undefined", which sanitized x in its “then” branch.

A check of the form if(o[x] != undefined), which sanitizes x in its “then” branch.

A taint step through the Node.JS function util.inspect(..).

A check of the form if(o.<contains>(x)), which sanitizes x in its “then” branch.

Contains predicates for accessing the taint steps used by taint-tracking configurations in the new data flow library.

Barrier nodes derived from the AdHocWhitelistCheckSanitizer class.