CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.14

Module ExternalApiUsedWithUntrustedData

Provides sources, sinks and sanitizers for reasoning about flow of untrusted data into an external API.

Import path

import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataCustomizations

Classes

DeepObjectSink

A value that is treated as a generic deep object sink.

SafeExternalApiFunction

A function that is considered a “safe” external API from a security perspective.

SafeExternalApiPackage

A package name whose entire API is considered “safe” for the purpose of this query.

Sanitizer

A sanitizer for data flowing to an external API.

Sink

An input to an external API call.

Source

A source of untrusted data.