Provides sources, sinks and sanitizers for reasoning about flow of untrusted data into an external API.
Import path
import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataCustomizationsClasses
| DeepObjectSink | A value that is treated as a generic deep object sink. |
| SafeExternalApiFunction | A function that is considered a “safe” external API from a security perspective. |
| SafeExternalApiPackage | A package name whose entire API is considered “safe” for the purpose of this query. |
| Sanitizer | A sanitizer for data flowing to an external API. |
| Sink | An input to an external API call. |
| Source | A source of untrusted data. |