CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.0.3-dev (changelog, source)
Search

Module CodeInjection

Import path

import semmle.javascript.security.dataflow.CodeInjectionCustomizations

Classes

AngularJSExpressionSink

An expression which may be interpreted as an AngularJS expression.

DotTemplateSink

A value interpreted as a template by the dot library.

EjsTemplateSink

A value interpreted as a template by the ejs library.

EtaTemplateSink

A value interpreted as a template by the eta library.

EvalJavaScriptSink

An expression which may be evaluated as JavaScript.

EventHandlerAttributeSink

An event handler attribute as a code injection sink.

GrayMatterSink

An expression parsed by the gray-matter library.

HandlebarsTemplateSink

A value interpreted as a template by the handlebars library.

HoganTemplateSink

A value interpreted as a template by the hogan.js library.

JsonStringifySanitizer

A call to JSON.stringify() seen as a sanitizer.

LodashUnderscoreTemplateSink

A value interpreted as a template by lodash or underscore.

ModuleCompileSink

The first argument to Module.prototype._compile, considered as a code-injection sink.

MustacheTemplateSink

A value interpreted as a template by the mustache library.

NoSqlCodeInjectionSink

A code operator of a NoSQL query as a code injection sink.

NodeCallSink

A system command execution of “node”, where the executed code is seen as a code injection sink.

NodeJSVmSink

An expression which may be evaluated as JavaScript in NodeJS using the vm module.

NodePty

An execution of a terminal command via the node-pty library, seen as a code injection sink. Example: JS var pty = require('node-pty'); var ptyProcess = pty.spawn("bash", [], {...}); ptyProcess.write('ls\r');

NunjucksTemplateSink

A value interpreted as a template by the nunjucks library.

PugTemplateSink

A value interpreted as as template by the pug library.

ReactScriptTag

A body element from a script tag inside React code.

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for code injection.

Sanitizer

A sanitizer for code injection vulnerabilities.

ScriptContentSink

A write to the textContent property of a <script /> tag, seen as a sink for code injection vulnerabilities.

Sink

A data flow sink for code injection vulnerabilities.

Source

A data flow source for code injection vulnerabilities.

SquirrelTemplateSink

A value interpreted as a template by the squirrelly library.

TemplateTagInNestedTemplateContext

A server-side template tag occurring in the context of another template language.

TemplateTagInScriptSink

A template tag occurring in JS code, viewed as a code injection sink.

WebViewInjectedJavaScriptSink

An expression which is injected as JavaScript into a React Native WebView.

WebixExec

A value interpreted as code by the webix library.

WebixTemplateSink

A value interpreted as a template by the webix library.

WhiskersTemplateSink

A value interpreted as a template by the whiskers library.