CodeQL library for JavaScript
codeql/javascript-all 0.6.2 ( changelog , source )
Search

Member predicate TaintTracking :: Configuration :: isSanitizerGuard

Holds if data flow node guard can act as a sanitizer when appearing in a condition.

For example, if guard is the comparison expression in if(x == 'some-constant'){ ... x ... }, it could sanitize flow of x into the “then” branch.

Node that this only handles checks that operate directly on the tainted value. Objects that contain a tainted value in a property may still flow across the check. To block such objects, use a labeled sanitizer guard to block the data label.

predicate isSanitizerGuard ( SanitizerGuardNode guard )