CodeQL library for JavaScript
codeql/javascript-all 0.4.1 (changelog, source)
Search

Module InsecureTemporaryFile

Classes and predicates for reasoning about insecure temporary file creation.

Import path

import semmle.javascript.security.dataflow.InsecureTemporaryFileCustomizations

Classes

InsecureFileOpen

The path in a call that opens a file without specifying a secure mode. Seen as a sink for insecure temporary file creation.

NonFirstStringConcatLeaf

A non-first leaf in a string-concatenation. Seen as a sanitizer for insecure temporary file creation.

OSTempDir

A string that references the global tmp dir. Seen as a source for insecure temporary file creation.

OpenFileCall

A call that opens a file with a given path.

Sanitizer

A sanitizer for random insecure temporary file creation.

Sink

A data flow sink for insecure temporary file creation.

Source

A data flow source for insecure temporary file creation.