CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.7.2 (changelog, source)

Module TaintedObject

Provides classes and predicates for reasoning about deeply tainted objects.

Import path

import semmle.javascript.security.TaintedObject

Imports

TaintedObject

Provides classes and predicates for reasoning about deeply tainted objects.

Predicates

isAdditionalFlowStep

Holds for the flow steps that are relevant for tracking user-controlled JSON objects.

isSource

DEPRECATED. Use the Source class and FlowState#isTaintedObject() directly.

step

DEPRECATED. Use isAdditionalFlowStep(node1, state1, node2, state2) instead.

Classes

NumberGuard

A guard that checks whether x is a number.

ObjectIdGuard

A guard that checks whether an input is a valid string identifier using mongoose.Types.ObjectId.isValid.

SanitizerGuard

A sanitizer guard that blocks deep object taint.

Aliases

SanitizerGuard

A sanitizer guard that blocks deep object taint.