CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.9.1 (changelog, source)
Search

Module TaintedObject

Provides classes and predicates for reasoning about deeply tainted objects.

Import path

import semmle.javascript.security.TaintedObject

Imports

TaintedObject

Provides classes and predicates for reasoning about deeply tainted objects.

Predicates

isSource

Holds if node is a source of JSON taint and label is the JSON taint label.

step

Holds for the flows steps that are relevant for tracking user-controlled JSON objects.

Classes

NumberGuard

A guard that checks whether x is a number.

ObjectIdGuard

A guard that checks whether an input a valid string identifier using mongoose.Types.ObjectId.isValid

SanitizerGuard

A sanitizer guard that blocks deep object taint.