Module LogInjectionQuery
Provides a taint-tracking configuration for reasoning about untrusted user input used in log entries.
Import path
import semmle.javascript.security.dataflow.LogInjectionQuery
Imports
javascript | Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML. |
Classes
HtmlSanitizer | A call to an HTML sanitizer is considered to sanitize the user input. |
JsonStringifySanitizer | A call to |
LogInjectionConfiguration | DEPRECATED. Use the |
LoggingSink | An argument to a logging mechanism. |
RemoteSource | A source of remote user controlled input. |
Sanitizer | A sanitizer for malicious user input used in log entries. |
Sink | A data flow sink for user input used in log entries. |
Source | A data flow source for user input used in log entries. |
StringReplaceSanitizer | A call to |
Modules
LogInjectionConfig | A taint-tracking configuration for untrusted user input used in log entries. |
Aliases
LogInjectionFlow | Taint-tracking for untrusted user input used in log entries. |