CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.14 (changelog, source)
Index
Search

Module TaintedObject

Provides methods for reasoning about the flow of deeply tainted objects, such as JSON objects parsed from user-controlled data.

Deeply tainted objects are arrays or objects with user-controlled property names, containing tainted values or deeply tainted objects in their properties.

To track deeply tainted objects, a flow-tracking configuration should generally include the following:

  1. One or more sinks associated with the flow state FlowState::taintedObject().
  2. The sources from TaintedObject::Source.
  3. The flow steps from TaintedObject::isAdditionalFlowStep.
  4. The barriers from TaintedObject::SanitizerGuard::getABarrierNode(state).

Import path

import semmle.javascript.security.TaintedObject

Imports

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Modules

TaintedObject

Provides classes and predicates for reasoning about deeply tainted objects.