Provides sources, sinks and sanitizers for reasoning about the flow of untrusted data into an external API.
Import path
import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataCustomizations
Classes
| Class | Description |
| --- | --- |
| DeepObjectSink | A value that is treated as a generic deep object sink. |
| SafeExternalApiFunction | A function that is considered a “safe” external API from a security perspective. |
| SafeExternalApiPackage | A package name whose entire API is considered “safe” for the purpose of this query. |
| Sanitizer | A sanitizer for data flowing to an external API. |
| Sink | An input to an external API call. |
| Source | A source of untrusted data. |