CodeQL library for JavaScript
Search

Module LoopBoundInjectionQuery

Provides a taint tracking configuration for reasoning about DoS attacks using a user-controlled object with an unbounded .length property.

Note, for performance reasons: only import this file if LoopBoundInjection::Configuration is needed, otherwise LoopBoundInjectionCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.LoopBoundInjectionQuery

Imports

LoopBoundInjection
TaintedObject

Provides methods for reasoning about the flow of deeply tainted objects, such as JSON objects parsed from user-controlled data.

javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

Configuration

A taint tracking configuration for reasoning about looping on tainted objects with unbounded length.