For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

CodeInjection

Module CodeInjectionCustomizations

Imports

Modules

Module CodeInjection

Import path


                                import semmle.javascript.security.dataflow.CodeInjectionCustomizations

Classes

AngularJSExpressionSink	An expression which may be interpreted as an AngularJS expression.
DotTemplateSink	A value interpreted as a template by the `dot` library.
EjsTemplateSink	A value interpreted as a template by the `ejs` library.
EtaTemplateSink	A value interpreted as a template by the `eta` library.
EvalJavaScriptSink	An expression which may be evaluated as JavaScript.
EventHandlerAttributeSink	An event handler attribute as a code injection sink.
GrayMatterSink	An expression parsed by the `gray-matter` library.
HandlebarsTemplateSink	A value interpreted as a template by the `handlebars` library.
HoganTemplateSink	A value interpreted as a template by the `hogan.js` library.
JsonStringifySanitizer	A call to JSON.stringify() seen as a sanitizer.
LodashUnderscoreTemplateSink	A value interpreted as a template by `lodash` or `underscore`.
ModuleCompileSink	The first argument to `Module.prototype._compile`, considered as a code-injection sink.
MustacheTemplateSink	A value interpreted as a template by the `mustache` library.
NoSqlCodeInjectionSink	A code operator of a NoSQL query as a code injection sink.
NodeCallSink	A system command execution of “node”, where the executed code is seen as a code injection sink.
NodeJSVmSink	An expression which may be evaluated as JavaScript in NodeJS using the `vm` module.
NodePty	An execution of a terminal command via the `node-pty` library, seen as a code injection sink. Example: `JS var pty = require('node-pty'); var ptyProcess = pty.spawn("bash", [], {...}); ptyProcess.write('ls\r');`
NunjucksTemplateSink	A value interpreted as a template by the `nunjucks` library.
PugTemplateSink	A value interpreted as as template by the `pug` library.
ReactScriptTag	A body element from a script tag inside React code.
RemoteFlowSourceAsSource	A source of remote user input, considered as a flow source for code injection.
Sanitizer	A sanitizer for code injection vulnerabilities.
ScriptContentSink	A write to the `textContent` property of a `<script />` tag, seen as a sink for code injection vulnerabilities.
Sink	A data flow sink for code injection vulnerabilities.
Source	A data flow source for code injection vulnerabilities.
SquirrelTemplateSink	A value interpreted as a template by the `squirrelly` library.
TemplateTagInNestedTemplateContext	A server-side template tag occurring in the context of another template language.
TemplateTagInScriptSink	A template tag occurring in JS code, viewed as a code injection sink.
WebViewInjectedJavaScriptSink	An expression which is injected as JavaScript into a React Native `WebView`.
WhiskersTemplateSink	A value interpreted as a template by the `whiskers` library.

Aliases

JSONStringifySanitizer	DEPRECATED: Alias for JsonStringifySanitizer
NoSQLCodeInjectionSink	DEPRECATED: Alias for NoSqlCodeInjectionSink