CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.3 (changelog, source)

Module TaintTracking

Provides classes for performing customized taint tracking.

The classes in this module allow performing inter-procedural taint tracking from a custom set of source nodes to a custom set of sink nodes. In addition to normal data flow edges, taint is propagated along taint edges that do not preserve the value of their input but only its taintedness, such as taking substrings. As for data flow configurations, additional flow edges can be specified, and conversely certain nodes or edges can be designated as taint sanitizers that block flow.

NOTE: The API of this library is not stable yet and may change in the future.

Import path

import semmle.javascript.dataflow.TaintTracking



Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.



Provides classes for modeling taint propagation.