CodeQL library for JavaScript

Module ExceptionXss

Import path

import semmle.javascript.security.dataflow.ExceptionXss

Predicates

canThrowSensitiveInformation

Holds if node can possibly cause an exception containing sensitive information to be thrown.

getCallbackErrorParam

Gets the error parameter of a callback that is supplied to the same call that pred is an argument to. For example: outerCall(foo, <pred>, bar, (<result>, val) => { ... }).

Classes

Callback

A callback that is the last argument to some call and has the form: function (err, value) { if (err) { ... } ... }

Configuration

A taint-tracking configuration for reasoning about XSS with possible exceptional flow. Flow labels are used to ensure that we only report taint-flow that has been thrown in an exception.

NotYetThrown

A FlowLabel representing tainted data that has not yet been thrown in an exception. In the js/xss-through-exception query, data flow can only reach a sink after the data has been thrown as an exception; data that has not yet been thrown therefore carries this flow label, and only this flow label.
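The following is an added JavaScript illustration, not code from the CodeQL library, of the program pattern that the Configuration and NotYetThrown descriptions above are about: attacker-influenced data is embedded in a thrown exception, the exception is caught, and its message reaches an HTML sink. The parser, the element stand-in and the sample input are all constructed for this example; the hardened variant beside the vulnerable one shows the fix the query's result is pointing at.

```javascript
// Added illustration (not part of the CodeQL library): the exception-carried
// taint flow that the ExceptionXss configuration models, in plain Node.js.

// Constructed sample of attacker-influenced input (e.g. a URL parameter).
const TAINTED_INPUT = '<img src=x onerror=alert(1)>';

// Hypothetical parser: rejects malformed values by throwing an Error whose
// message echoes the offending input. This is the kind of node that
// canThrowSensitiveInformation is meant to capture: the taint leaves the
// function through the exception rather than through a return value.
function parseColor(value) {
  if (!/^#[0-9a-f]{6}$/i.test(value)) {
    throw new Error('Invalid color: ' + value);
  }
  return value.toLowerCase();
}

// Minimal stand-in for a DOM element so the example runs without a browser.
function makeElement() {
  return { innerHTML: '', textContent: '' };
}

// Vulnerable: the catch block writes err.message, which still carries the
// taint, into innerHTML. Up to the throw the data would carry only the
// NotYetThrown label; after the throw it is in the state the query reports.
function renderVulnerable(input) {
  const el = makeElement();
  try {
    el.textContent = parseColor(input);
  } catch (err) {
    el.innerHTML = '<p class="error">' + err.message + '</p>'; // XSS sink
  }
  return el;
}

// Hardened: identical control flow, but the message is assigned to
// textContent, which browsers treat as character data, not markup.
function renderSafe(input) {
  const el = makeElement();
  try {
    el.textContent = parseColor(input);
  } catch (err) {
    el.textContent = err.message;
  }
  return el;
}

// Node-style callback form, function (err, value) { if (err) { ... } ... },
// as recognised by the module's Callback class. The err parameter here is
// what getCallbackErrorParam would return for the tainted argument.
function loadColor(value, callback) {
  try {
    callback(null, parseColor(value));
  } catch (err) {
    callback(err);
  }
}

function renderViaCallback(input) {
  const el = makeElement();
  loadColor(input, function (err, color) {
    if (err) {
      el.innerHTML = err.message; // same sink, reached through the callback
      return;
    }
    el.textContent = color;
  });
  return el;
}

// Crude unit-test style check: did any markup from the input survive into
// the element's innerHTML?
function leaksMarkup(el) {
  return /<[a-z]/i.test(el.innerHTML);
}

module.exports = { TAINTED_INPUT, parseColor, renderVulnerable, renderSafe, renderViaCallback, leaksMarkup };
```

Run with any recent Node.js; calling renderVulnerable(TAINTED_INPUT) and renderSafe(TAINTED_INPUT) side by side shows that only the first leaves markup from the input in innerHTML, while both preserve the same error text for the user.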

Aliases

DomBasedXssCustom
ReflectedXssCustom
Xss

Provides classes and predicates used by the XSS queries.