Module LoopBoundInjection
Import path
import semmle.javascript.security.dataflow.LoopBoundInjectionCustomizations
Imports
CommonFlowState | Contains a class with flow states that are used by multiple queries. |
TaintedObject | Provides methods for reasoning about the flow of deeply tainted objects, such as JSON objects parsed from user-controlled data. |
Predicates
hasCrashingArrayAccess | Holds if there exists an array access indexed by the variable |
isCrashingWithNullValues | Holds if an exception will be thrown whenever |
loopableLodashMethod | Holds if |
Classes
ArrayIterationLoop | A loop that iterates through some array using the |
BarrierGuard | A barrier guard for looping on tainted objects with unbounded length. |
InstanceofArraySanitizerGuard | A sanitizer that blocks taint flow if the array is checked to be an array using an |
IsArraySanitizerGuard | A sanitizer that blocks taint flow if the array is checked to be an array using an |
LengthCheckSanitizerGuard | A sanitizer that blocks taint flow if the length of an array is limited. |
Sink | A data flow sink for untrusted user input that is being looped through. |
Source | A source of objects that can cause DoS if iterated using the .length property. |
TaintedObjectSource | A source of remote user input objects. |