CodeQL library for JavaScript
codeql/javascript-all 0.2.3 (changelog, source)
Search

Module CleartextLogging

Import path

import semmle.javascript.security.dataflow.CleartextLoggingCustomizations

Predicates

isAdditionalTaintStep

Holds if the edge src -> trg is an additional taint-step for clear-text logging of sensitive information.

isSanitizerEdge

Holds if the edge pred -> succ should be sanitized for clear-text logging of sensitive information.

Classes

Barrier

A barrier for clear-text logging of sensitive information.

LoggerSink

An argument to a logging mechanism.

MaskingReplacer

A call to .replace() that seems to mask sensitive information.

ProcessEnvSource

An access to the sensitive object process.env.

Sink

A data flow sink for clear-text logging of sensitive information.

Source

A data flow source for clear-text logging of sensitive information.