CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.1.1 (changelog, source)
Search

Class LoopBoundInjection::Sink

A data flow sink for untrusted user input that is being looped through.

Import path

import semmle.javascript.security.dataflow.LoopBoundInjectionCustomizations

Direct supertypes

Indirect supertypes

Known direct subtypes

    Inherited predicates

    accessesGlobal

    Holds if this data flow node accesses the global variable g, either directly or through the window object.

    from Node
    analyze

    Gets type inference results for this data flow node.

    from Node
    asExpr

    Gets the expression corresponding to this data flow node, if any.

    from Node
    getABoundFunctionValue

    Gets a function value that may reach this node, possibly derived from a partial function invocation.

    from Node
    getAFunctionValue

    Gets a function value that may reach this node.

    from Node
    getAFunctionValue

    Gets a function value that may reach this node with the given imprecision level.

    from Node
    getALocalSource

    Gets a source node from which data may flow to this node in zero or more local steps.

    from Node
    getAPredecessor

    Gets a data flow node from which data may flow to this node in one local step.

    from Node
    getASuccessor

    Gets a data flow node to which data may flow from this node in one local step.

    from Node
    getAstNode

    Gets the AST node corresponding to this data flow node, if any.

    from Node
    getBasicBlock

    Gets the basic block to which this node belongs.

    from Node
    getContainer

    Gets the container in which this node occurs.

    from Node
    getEnclosingExpr

    Gets the expression enclosing this data flow node. In most cases the result is the same as asExpr(), however this method additionally includes the InvokeExpr corresponding to reflective calls.

    from Node
    getEndColumn

    Gets the end column of this data flow node.

    from Node
    getEndLine

    Gets the end line of this data flow node.

    from Node
    getFile

    Gets the file this data flow node comes from.

    from Node
    getImmediatePredecessor

    Gets the immediate predecessor of this node, if any.

    from Node
    getIntValue

    Gets the integer value of this node, if it is an integer constant.

    from Node
    getLocation

    Gets the location of this node.

    from Node
    getStartColumn

    Gets the start column of this data flow node.

    from Node
    getStartLine

    Gets the start line of this data flow node.

    from Node
    getStringValue

    Gets the string value of this node, if it is a string literal or constant string concatenation.

    from Node
    getTopLevel

    Gets the toplevel in which this node occurs.

    from Node
    hasLocationInfo

    Holds if this element is at the specified location. The location spans column startcolumn of line startline to column endcolumn of line endline in file filepath. For more information, see Locations.

    from Node
    hasUnderlyingType

    Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type.

    from Node
    hasUnderlyingType

    Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type.

    from Node
    isIncomplete

    Holds if the flow information for this node is incomplete.

    from Node
    mayHaveBooleanValue

    Holds if this node may evaluate to the Boolean value b.

    from Node
    mayHaveStringValue

    Holds if this node may evaluate to the string s, possibly through local data flow.

    from Node
    toString

    Gets a textual representation of this element.

    from Node