A function that is considered a “safe” external API from a security perspective.
Import path
import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataCustomizations
Direct supertypes
Indirect supertypes
Inherited predicates
asSink | Get a data-flow node where this value leaves the current codebase and flows into an external library (or in general, any external codebase). | from Node |
asSource | Get a data-flow node where this value enters the current codebase. | from Node |
getACall | Gets a call to the function represented by this API component. | from Node |
getADecoratedClass | Gets any class that has this value as a decorator. | from Node |
getADecoratedMember | Gets any method, field, or accessor that has this value as a decorator. | from Node |
getADecoratedParameter | Gets any parameter that has this value as a decorator. | from Node |
getAMember | Gets a node representing a member of this API component where the name of the member may or may not be known statically. | from Node |
getAParameter | Gets a node representing a parameter of the function represented by this node. | from Node |
getAPredecessor | Gets a node such that there is an edge in the API graph between this node and the other one. | from Node |
getAPredecessor | Gets a node such that there is an edge in the API graph between that other node and this one, and that edge is labeled with | from Node |
getASuccessor | Gets a node such that there is an edge in the API graph between that other node and this one. | from Node |
getASuccessor | Gets a node such that there is an edge in the API graph between this node and the other one, and that edge is labeled with | from Node |
getAValueReachableFromSource | Get a data-flow node where this value may flow after entering the current codebase. | from Node |
getAValueReachingSink | Get a data-flow node that transitively flows to an external library (or in general, any external codebase). | from Node |
getAnInstantiation | Gets a | from Node |
getAnInvocation | Gets an invocation (with our without | from Node |
getDepth | Gets the shortest distance from the root to this node in the API graph. | from Node |
getForwardingFunction | Gets a node representing a function that is a wrapper around the function represented by this node. | from Node |
getInducingNode | Gets the data-flow node that gives rise to this node, if any. | from Node |
getInstance | Gets a node representing an instance of the class represented by this node. This includes instances of subclasses. | from Node |
getLastParameter | Gets a node representing the last parameter of the function represented by this node. | from Node |
getLocation | Gets the location of this API node, if it corresponds to a program element with a source location. | from Node |
getMaybePromisifiedCall | Gets a call to the function represented by this API component, or a promisified version of the function. | from Node |
getMember | Gets a node representing member | from Node |
getNumParameter | Gets the number of parameters of the function represented by this node. | from Node |
getParameter | Gets a node representing the | from Node |
getPath | Gets a string representation of the lexicographically least among all shortest access paths from the root to this node. | from Node |
getPromised | Gets a node representing the promised value wrapped in the | from Node |
getPromisedError | Gets a node representing the error wrapped in the | from Node |
getReceiver | Gets a node representing the receiver of the function represented by this node. | from Node |
getReturn | Gets a node representing the result of the function represented by this node. | from Node |
getUnknownMember | Gets a node representing a member of this API component where the name of the member is not known statically. | from Node |
hasLocationInfo | DEPRECATED: Use | from Node |
refersTo | Holds if this node may take its value from | from Node |
toString | Gets a textual representation of this node. | from Node |