CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.6 (changelog, source)

Module LogInjectionQuery

Provides a taint-tracking configuration for reasoning about untrusted user input used in log entries.

Import path

import semmle.javascript.security.dataflow.LogInjectionQuery

Imports

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

HtmlSanitizer

A call to an HTML sanitizer is considered to sanitize the user input.

JsonStringifySanitizer

A call to JSON.stringify or similar, seen as sanitizing log output.

LogInjectionConfiguration

DEPRECATED. Use the LogInjectionFlow module instead.

LoggingSink

An argument to a logging mechanism.

RemoteSource

A source of remote, user-controlled input.

Sanitizer

A sanitizer for malicious user input used in log entries.

Sink

A data flow sink for user input used in log entries.

Source

A data flow source for user input used in log entries.

StringReplaceSanitizer

A call to String.prototype.replace that replaces \n is considered to sanitize the replaced string (to reduce false positives).

Modules

LogInjectionConfig

A taint-tracking configuration for untrusted user input used in log entries.

Aliases

LogInjectionFlow

Taint-tracking for untrusted user input used in log entries.