CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.15-dev (changelog, source)

Module CleartextLogging

Import path

import semmle.javascript.security.dataflow.CleartextLoggingCustomizations

Predicates

isAdditionalTaintStep

Holds if the edge src -> trg is an additional taint-step for clear-text logging of sensitive information.

isSanitizerEdge

DEPRECATED. Use Barrier instead; sanitized edges have been replaced by sanitized nodes.

Classes

Barrier

A barrier for clear-text logging of sensitive information.

LoggerSink

An argument to a logging mechanism.

MaskingReplacer

A call to .replace() that seems to mask sensitive information.

ProcessEnvSource

An access to the sensitive object process.env.

Sink

A data flow sink for clear-text logging of sensitive information.

Source

A data flow source for clear-text logging of sensitive information.