CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.1.1 (changelog, source)

Module ConditionalBypassQuery

Provides a taint tracking configuration for reasoning about bypass of sensitive action guards.

Note: for performance reasons, only import this file if ConditionalBypass::Configuration is needed; otherwise, import ConditionalBypassCustomizations instead.

Import path

import semmle.javascript.security.dataflow.ConditionalBypassQuery

Imports

ConditionalBypass

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

flowsToGuardExpr

Holds if the value of nd flows into guard.

isEarlyAbortGuard

Holds if e effectively guards access to action by returning or throwing early.

isTaintedGuardForSensitiveAction

Holds if sink guards action, and source taints sink.

Classes

Configuration

A taint tracking configuration for bypass of sensitive action guards.

SensitiveActionGuardComparison

A comparison that guards a sensitive action, e.g. the comparison in: var ok = x == y; if (ok) login().

SensitiveActionGuardComparisonOperand

An intermediary sink to enable reuse of the taint configuration. This sink should not be presented to the client of this query.