Module LogInjectionQuery

Provides a taint-tracking configuration for reasoning about untrusted user input used in log entries.

Import path

import semmle.javascript.security.dataflow.LogInjectionQuery

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

HtmlSanitizer	A call to an HTML sanitizer is considered to sanitize the user input.
JsonStringifySanitizer	A call to `JSON.stringify` or similar, seen as sanitizing log output.
LogInjectionConfiguration	A taint-tracking configuration for untrusted user input used in log entries.
LoggingSink	An argument to a logging mechanism.
RemoteSource	A source of remote user controlled input.
Sanitizer	A sanitizer for malicious user input used in log entries.
Sink	A data flow sink for user input used in log entries.
Source	A data flow source for user input used in log entries.
StringReplaceSanitizer	A call to `String.prototype.replace` that replaces `\n` is considered to sanitize the replaced string (reduce false positive).