Provides methods for reasoning about the flow of deeply tainted objects, such as JSON objects parsed from user-controlled data.
Deeply tainted objects are arrays or objects with user-controlled property names, containing tainted values or deeply tainted objects in their properties.
To track deeply tainted objects, a flow-tracking configuration should generally include the following:
- One or more sinks associated with the label
- The sources from
- The flow steps from
- The sanitizing guards
Provides classes and predicates for reasoning about deeply tainted objects.