CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.0.3-dev (changelog, source)
Search

Class Http::RequestHeaderAccess

An access to a header on an incoming HTTP request.

Import path

import javascript

Direct supertypes

Indirect supertypes

Known direct subtypes

    Predicates

    getAHeaderName

    Gets the lower-case name of an HTTP header from which this input is derived, if this can be determined.

    Inherited predicates

    accessesGlobal

    Holds if this data flow node accesses the global variable g, either directly or through the window object.

    from Node
    analyze

    Gets type inference results for this data flow node.

    from Node
    asExpr

    Gets the expression corresponding to this data flow node, if any.

    from Node
    getABoundFunctionValue

    Gets a function value that may reach this node, possibly derived from a partial function invocation.

    from Node
    getAFunctionValue

    Gets a function value that may reach this node.

    from Node
    getAFunctionValue

    Gets a function value that may reach this node with the given imprecision level.

    from Node
    getALocalSource

    Gets a source node from which data may flow to this node in zero or more local steps.

    from Node
    getAPredecessor

    Gets a data flow node from which data may flow to this node in one local step.

    from Node
    getASuccessor

    Gets a data flow node to which data may flow from this node in one local step.

    from Node
    getAstNode

    Gets the AST node corresponding to this data flow node, if any.

    from Node
    getBasicBlock

    Gets the basic block to which this node belongs.

    from Node
    getContainer

    Gets the container in which this node occurs.

    from Node
    getEnclosingExpr

    Gets the expression enclosing this data flow node. In most cases the result is the same as asExpr(), however this method additionally includes the InvokeExpr corresponding to reflective calls.

    from Node
    getEndColumn

    Gets the end column of this data flow node.

    from Node
    getEndLine

    Gets the end line of this data flow node.

    from Node
    getFile

    Gets the file this data flow node comes from.

    from Node
    getImmediatePredecessor

    Gets the immediate predecessor of this node, if any.

    from Node
    getIntValue

    Gets the integer value of this node, if it is an integer constant.

    from Node
    getKind

    Gets the kind of the accessed input, Can be one of “parameter”, “header”, “body”, “url”, “cookie”.

    from RequestInputAccess
    getLocation

    Gets the location of this node.

    from Node
    getRouteHandler

    Gets the route handler whose request input is accessed.

    from RequestInputAccess
    getSourceType

    Gets a human-readable string that describes the type of this remote flow source.

    from RequestInputAccess
    getStartColumn

    Gets the start column of this data flow node.

    from Node
    getStartLine

    Gets the start line of this data flow node.

    from Node
    getStringValue

    Gets the string value of this node, if it is a string literal or constant string concatenation.

    from Node
    getTopLevel

    Gets the toplevel in which this node occurs.

    from Node
    hasLocationInfo

    Holds if this element is at the specified location. The location spans column startcolumn of line startline to column endcolumn of line endline in file filepath. For more information, see Locations.

    from Node
    hasUnderlyingType

    Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type.

    from Node
    hasUnderlyingType

    Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type.

    from Node
    isIncomplete

    Holds if the flow information for this node is incomplete.

    from Node
    isThirdPartyControllable

    Holds if this part of the request may be controlled by a third party, that is, an agent other than the one who sent the request.

    from RequestInputAccess
    isUserControlledObject

    Holds if this can be a user-controlled object, such as a JSON object parsed from user-controlled data.

    from RemoteFlowSource
    mayHaveBooleanValue

    Holds if this node may evaluate to the Boolean value b.

    from Node
    mayHaveStringValue

    Holds if this node may evaluate to the string s, possibly through local data flow.

    from Node
    toString

    Gets a textual representation of this element.

    from Node