CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.0.2-dev (changelog, source)
Search

Class TaintTracking::SharedTaintStep

A taint-propagating data flow edge that should be added to all taint tracking configurations in addition to standard data flow edges.

This class is a singleton, and thus subclasses do not need to specify a characteristic predicate.

Note: For performance reasons, all subclasses of this class should be part of the standard library. Override Configuration::isAdditionalTaintStep for analysis-specific taint steps.

This class has multiple kinds of step predicates; these all have the same effect on taint-tracking configurations. However, the categorization of steps allows some data-flow configurations to opt in to specific kinds of taint steps.

Import path

import javascript

Direct supertypes

Indirect supertypes

Known direct subtypes

Predicates

arrayStep

Holds if predsucc should be considered a taint-propagating data flow edge through arrays.

deserializeStep

Holds if predsucc should be considered a taint-propagating data flow edge through data deserialization, such as JSON.parse.

heapStep

Holds if predsucc should be considered a taint-propagating data flow edge through the heap.

heuristicStep

Holds if predsucc should be considered a taint-propagating data flow edge contributed by the heuristics library.

persistentStorageStep

Holds if predsucc should be considered a taint-propagating data flow edge through persistent storage.

promiseStep

Holds if predsucc should be considered a taint-propagating data flow edge through a promise.

serializeStep

Holds if predsucc should be considered a taint-propagating data flow edge through data serialization, such as JSON.stringify.

step

Holds if predsucc should be considered a taint-propagating data flow edge.

stringConcatenationStep

Holds if predsucc should be considered a taint-propagating data flow edge through string concatenation.

stringManipulationStep

Holds if predsucc should be considered a taint-propagating data flow edge through string manipulation (other than concatenation).

uriStep

Holds if predsucc should be considered a taint-propagating data flow edge through URI manipulation.

viewComponentStep

Holds if predsucc should be considered a taint-propagating data flow edge through the state or props or a React component.

Inherited predicates

toString

Gets a textual representation of this element.

from Unit