For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

LoopBoundInjection

Module LoopBoundInjectionCustomizations


                                import semmle.javascript.security.dataflow.LoopBoundInjectionCustomizations

Provides methods for reasoning about the flow of deeply tainted objects, such as JSON objects parsed from user-controlled data.

hasCrashingArrayAccess	Holds if there exists an array access indexed by the variable `var` where it is likely that the array access will cause a crash if `var` grows unbounded.
isCrashingWithNullValues	Holds if an exception will be thrown whenever `e` evaluates to `undefined` or `null`.
loopableLodashMethod	Holds if `name` is a method from lodash vulnerable to a DoS attack if called with a tainted object.

ArrayIterationLoop	A loop that iterates through some array using the `length` property. The loop is either of the style `for(..; i < arr.length;...)` or `while(i < arr.length) {..;i++;..}`.
InstanceofArraySanitizerGuard	A sanitizer that blocks taint flow if the array is checked to be an array using an `X instanceof Array` check.
IsArraySanitizerGuard	A sanitizer that blocks taint flow if the array is checked to be an array using an `isArray` function.
LengthCheckSanitizerGuard	A sanitizer that blocks taint flow if the length of an array is limited.
Sink	A data flow sink for untrusted user input that is being looped through.
Source	A source of objects that can cause DoS if iterated using the .length property.
TaintedObjectSource	A source of remote user input objects.