Module CodeInjection
Import path
import semmle.javascript.security.dataflow.CodeInjectionCustomizations
Classes
| Class | Description |
| --- | --- |
| AngularJSExpressionSink | An expression which may be interpreted as an AngularJS expression. |
| DotTemplateSink | A value interpreted as a template by the |
| EjsTemplateSink | A value interpreted as a template by the |
| EtaTemplateSink | A value interpreted as a template by the |
| EvalJavaScriptSink | An expression which may be evaluated as JavaScript. |
| EventHandlerAttributeSink | An event handler attribute as a code injection sink. |
| GrayMatterSink | An expression parsed by the |
| HandlebarsTemplateSink | A value interpreted as a template by the |
| HoganTemplateSink | A value interpreted as a template by the |
| JsonStringifySanitizer | A call to JSON.stringify() seen as a sanitizer. |
| LodashUnderscoreTemplateSink | A value interpreted as a template by |
| ModuleCompileSink | The first argument to |
| MustacheTemplateSink | A value interpreted as a template by the |
| NoSqlCodeInjectionSink | A code operator of a NoSQL query as a code injection sink. |
| NodeCallSink | A system command execution of “node”, where the executed code is seen as a code injection sink. |
| NodeJSVmSink | An expression which may be evaluated as JavaScript in NodeJS using the |
| NodePty | An execution of a terminal command via the |
| NunjucksTemplateSink | A value interpreted as a template by the |
| PugTemplateSink | A value interpreted as a template by the |
| ReactScriptTag | A body element from a script tag inside React code. |
| RemoteFlowSourceAsSource | A source of remote user input, considered as a flow source for code injection. |
| Sanitizer | A sanitizer for code injection vulnerabilities. |
| ScriptContentSink | A write to the |
| Sink | A data flow sink for code injection vulnerabilities. |
| Source | A data flow source for code injection vulnerabilities. |
| SquirrelTemplateSink | A value interpreted as a template by the |
| TemplateTagInNestedTemplateContext | A server-side template tag occurring in the context of another template language. |
| TemplateTagInScriptSink | A template tag occurring in JS code, viewed as a code injection sink. |
| WebViewInjectedJavaScriptSink | An expression which is injected as JavaScript into a React Native |
| WebixExec | A value interpreted as code by the |
| WebixTemplateSink | A value interpreted as a template by the |
| WhiskersTemplateSink | A value interpreted as a template by the |