CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.4.1 (changelog, source)
Search

Module InsecureDownloadConfig

A taint tracking configuration for download of sensitive file through insecure connection.

Import path

import semmle.javascript.security.dataflow.InsecureDownloadQuery

Predicates

getASelectedSinkLocation

Gets a location that will be associated with the given sink in a diff-informed query that uses this configuration (see observeDiffInformedIncrementalMode). By default, this is the location of the sink itself, but this predicate should include any locations that are reported as the primary-location of the query or as an additional location (“$@” interpolation). For a query that doesn’t report the sink at all, this predicate can be none().

isBarrier

Holds if data flow through node is prohibited. This completely removes node from the data flow graph.

isSink

Holds if sink is a relevant data flow sink accepting state.

isSource

Holds if source is a relevant data flow source with the given initial state.

observeDiffInformedIncrementalMode

Holds if sources and sinks should be filtered to only include those that may lead to a flow path with either a source or a sink in the location range given by AlertFiltering. This only has an effect when running in diff-informed incremental mode.

Aliases

FlowState

A flow state to associate with a tracked value.