Module TaintTracking
Provides classes for modeling taint propagation.
Import path
import javascript
Predicates
arrayStep | Holds if |
defaultSanitizer | Holds if |
defaultTaintStep | Holds if there is a taint step from |
deserializeStep | Holds if |
heapStep | Holds if |
isNumberGuard | Holds if |
isStringTypeGuard | A test for the value of |
isTypeofGuard | Holds if |
isUrlSearchParams | Holds if |
persistentStorageStep | Holds if |
promiseStep | Holds if |
serializeStep | Holds if |
sharedTaintStep | Holds if |
stringConcatenationStep | Holds if |
stringManipulationStep | Holds if |
uriStep | Holds if |
viewComponentStep | Holds if |
Classes
AdHocWhitelistCheckSanitizer | A check of the form |
AdditionalBarrierGuard | A barrier guard that applies to all taint-tracking configurations. |
AdditionalSanitizerGuardNode | DEPRECATED. This class was part of the old data flow library which is now deprecated. Use |
AdditionalTaintStep | A taint-propagating data flow edge that should be added to all taint tracking configurations, but only those that use the new data flow library. |
Configuration | DEPRECATED. Subclasses of this class should be replaced by a module implementing the new |
ErrorConstructorTaintStep | A taint step through an exception constructor, such as |
InSanitizer | A check of the form |
IsEmptyGuard | A test of the form |
LabeledSanitizerGuardNode | A sanitizer guard node that only blocks specific flow labels. |
LegacyTaintStep | A taint-propagating data flow edge that should be used with the old data flow library. |
MembershipTestSanitizer | A check of the form |
PositiveIndexOfSanitizer | A check of the form |
SanitizerGuardNode | A node that can act as a sanitizer when appearing in a condition. |
SanitizingRegExpTest | A conditional checking a tainted string against a regular expression, which is considered to be a sanitizer for all configurations. |
SharedTaintStep | A taint-propagating data flow edge that should be added to all taint tracking configurations in addition to standard data flow edges. |
StringConcatenationTaintStep | A taint-propagating data flow edge arising from string concatenations. |
TypeOfUndefinedSanitizer | A check of the form |
UndefinedCheckSanitizer | A check of the form |
UtilInspectTaintStep | A taint step through the Node.js function |
WhitelistContainmentCallSanitizer | A check of the form |
Modules
AdditionalTaintStep | Contains predicates for accessing the taint steps used by taint-tracking configurations in the new data flow library. |
Aliases
AdHocWhitelistCheckSanitizer | Barrier nodes derived from the |