CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.9.1 (changelog, source)

Predicate isTaintedGuardForSensitiveAction

Holds if sink guards action, and source taints sink.

If flow from source taints sink, then an attacker can control whether action is executed.

Import path

import semmle.javascript.security.dataflow.ConditionalBypassQuery
predicate isTaintedGuardForSensitiveAction(PathNode sink, PathNode source, SensitiveAction action)
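
The code pattern this predicate describes, shown next to a hardened form, as an added example that is not part of the CodeQL library or its documentation. All names (grantAdminAccess, the handlers, the session map, the request objects) are hypothetical, and the example makes no claim about which calls the library models as a SensitiveAction.

```javascript
// Constructed example: every name below is hypothetical.

// The sensitive operation; plays the role of `action` in the predicate.
function grantAdminAccess(audit, user) {
  audit.push(`admin access granted to ${user}`);
  return true;
}

// Vulnerable: a value taken from the request (`source`) reaches the
// condition (`sink`) that decides whether the action runs.
function handleVulnerable(req, audit) {
  if (req.cookies.isAdmin === "true") {               // sink, tainted by req.cookies
    return grantAdminAccess(audit, req.cookies.user); // action
  }
  return false;
}

// Hardened: the guard reads server-side session state. The request only
// supplies an opaque session id that is used as a lookup key.
function handleHardened(req, sessions, audit) {
  const session = sessions.get(req.cookies.sid);
  if (session !== undefined && session.isAdmin === true) {
    return grantAdminAccess(audit, session.user);
  }
  return false;
}

// Constructed data: a server-side session store, a request whose cookies
// were set by the client, and a request from a real admin session.
const sessions = new Map([
  ["s-admin", { user: "alice", isAdmin: true }],
  ["s-user", { user: "bob", isAdmin: false }],
]);
const forged = { cookies: { isAdmin: "true", user: "bob", sid: "s-user" } };
const genuine = { cookies: { sid: "s-admin" } };

function demo() {
  const audit = [];
  return {
    vulnerableForged: handleVulnerable(forged, audit),
    hardenedForged: handleHardened(forged, sessions, audit),
    hardenedGenuine: handleHardened(genuine, sessions, audit),
    audit,
  };
}

console.log(demo());
```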