CodeQL library for JavaScript

Module ExternalAPIUsedWithUntrustedData

Provides sources, sinks and sanitizers for reasoning about flow of untrusted data into an external API.

Import path

import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataCustomizations

Classes

DeepObjectSink

A value that is treated as a generic deep object sink.

SafeExternalAPIFunction

A function that is considered a “safe” external API from a security perspective.

SafeExternalAPIPackage

A package name whose entire API is considered “safe” for the purpose of this query.

Sanitizer

A sanitizer for data flowing to an external API.

Sink

An input to an external API call.

Source

A source of untrusted data.