CodeQL library for JavaScript
Search

Member predicate TaintTracking::Configuration::isSanitizerGuard

Holds if data flow node guard can act as a sanitizer when appearing in a condition.

For example, if guard is the comparison expression in if(x == 'some-constant'){ ... x ... }, it could sanitize flow of x into the “then” branch.

Node that this only handles checks that operate directly on the tainted value. Objects that contain a tainted value in a property may still flow across the check. To block such objects, use a labeled sanitizer guard to block the data label.

predicate isSanitizerGuard(SanitizerGuardNode guard)