Module TaintTracking
Provides classes for modelling taint propagation.
Import path
import javascript
Predicates
isTypeofGuard | Holds if |
isUrlSearchParams | Holds if |
localTaintStep | Holds if taint propagates from |
Classes
AdHocWhitelistCheckSanitizer | A check of the form |
AdditionalSanitizerGuardNode | A |
AdditionalTaintStep | A taint-propagating data flow edge that should be added to all taint tracking configurations in addition to standard data flow edges. |
Configuration | A data flow tracking configuration that considers taint propagation through objects, arrays, promises and strings in addition to standard data flow. |
ConstantComparison | A check of the form |
ErrorConstructorTaintStep | A taint step through an exception constructor, such as |
InSanitizer | A check of the form |
IsEmptyGuard | A test of the form |
LabeledSanitizerGuardNode | A sanitizer guard node that only blocks specific flow labels. |
MembershipTestSanitizer | A check of the form |
PersistentStorageTaintStep | A taint-propagating data flow edge through persistent storage. |
PositiveIndexOfSanitizer | A check of the form |
SanitizerGuardNode | A node that can act as a sanitizer when appearing in a condition. |
SanitizingRegExpTest | A conditional checking a tainted string against a regular expression, which is considered to be a sanitizer for all configurations. |
StringConcatenationTaintStep | A taint-propagating data flow edge arising from string concatenations. |
TypeOfUndefinedSanitizer | A check of the form |
UndefinedCheckSanitizer | A check of the form |
WhitelistContainmentCallSanitizer | A check of the form |
Aliases
InclusionSanitizer | DEPRECATED. This class has been renamed to |
StringInclusionSanitizer | DEPRECATED. This class has been renamed to |
arrayFunctionTaintStep | A taint-propagating data flow edge from |