CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.1.1 (changelog, source)
Search

Module ExternalAPIUsedWithUntrustedDataQuery

Provides a taint tracking configuration for reasoning about untrusted data flowing to an external API call.

Note, for performance reasons: only import this file if ExternalAPIUsedWithUntrustedData::Configuration is needed, otherwise ExternalAPIUsedWithUntrustedDataCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery

Imports

ExternalApiUsedWithUntrustedData

Provides sources, sinks and sanitizers for reasoning about flow of untrusted data into an external API.

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

Configuration

A taint tracking configuration for untrusted data flowing to an external API.

ExternalApiDataNode

A node representing data being passed to an external API.

ExternalApiUsedWithUntrustedData

An external API which is used with untrusted data.

UntrustedExternalApiDataNode

A node representing untrusted data being passed to an external API.