CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.2.2-dev (changelog, source)
Search

Class RouteHandlerLimitedByExpressLimiter

A rate limiter constructed using the express-limiter package.

Note that the express-limiter package is unusual in that it may optionally install itself as a middleware. That aspect is handled by the Express core model.

Import path

import semmle.javascript.security.dataflow.MissingRateLimiting

Direct supertypes

Indirect supertypes

Predicates

getRoutingNode

Gets a routing node corresponding to this middleware function.

Inherited predicates

accessesGlobal

Holds if this data flow node accesses the global variable g, either directly or through the window object.

from Node
analyze

Gets type inference results for this data flow node.

from Node
asExpr

Gets the expression corresponding to this data flow node, if any.

from Node
backtrack

Gets a node that may flow into this one using one heap and/or interprocedural step.

from SourceNode
flowsTo

Holds if this node flows into sink in zero or more local (that is, intra-procedural) steps.

from SourceNode
flowsToExpr

Holds if this node flows into sink in zero or more local (that is, intra-procedural) steps.

from SourceNode
getABoundFunctionValue

Gets a function value that may reach this node, possibly derived from a partial function invocation.

from Node
getACall

Gets a function call to this node.

from SourceNode
getAChainedMethodCall

Gets a chained method call that invokes methodName last.

from SourceNode
getAConstructorInvocation

Gets a new call that invokes constructor constructorName on this node.

from SourceNode
getAFunctionValue

Gets a function value that may reach this node.

from Node
getAFunctionValue

Gets a function value that may reach this node with the given imprecision level.

from Node
getALocalSource

Gets a source node from which data may flow to this node in zero or more local steps.

from Node
getALocalUse

Gets a node into which data may flow from this node in zero or more local steps.

from SourceNode
getAMemberCall

Gets a function call that invokes method memberName on this node.

from SourceNode
getAMemberInvocation

Gets an invocation of the method or constructor named memberName on this node.

from SourceNode
getAMethodCall

Gets a method call that invokes a method on this node.

from SourceNode
getAMethodCall

Gets a method call that invokes method methodName on this node.

from SourceNode
getAPredecessor

Gets a data flow node from which data may flow to this node in one local step.

from Node
getAPropertyRead

Gets a read of any property on this node.

from SourceNode
getAPropertyRead

Gets a read of property propName on this node.

from SourceNode
getAPropertyReference

Gets a reference (read or write) of any property on this node.

from SourceNode
getAPropertyReference

Gets a reference (read or write) of property propName on this node.

from SourceNode
getAPropertySource

Gets a source node whose value is stored in a property of this node.

from SourceNode
getAPropertySource

Gets a source node whose value is stored in property prop of this node.

from SourceNode
getAPropertyWrite

Gets a write of any property on this node.

from SourceNode
getAPropertyWrite

Gets a write of property propName on this node.

from SourceNode
getASuccessor

Gets a data flow node to which data may flow from this node in one local step.

from Node
getAnInstantiation

Gets a new call to this node.

from SourceNode
getAnInvocation

Gets an invocation (with our without new) of this node.

from SourceNode
getAstNode

Gets the AST node corresponding to this data flow node, if any.

from Node
getBasicBlock

Gets the basic block to which this node belongs.

from Node
getContainer

Gets the container in which this node occurs.

from Node
getEnclosingExpr

Gets the expression enclosing this data flow node. In most cases the result is the same as asExpr(), however this method additionally includes the InvokeExpr corresponding to reflective calls.

from Node
getEndColumn

Gets the end column of this data flow node.

from Node
getEndLine

Gets the end line of this data flow node.

from Node
getFile

Gets the file this data flow node comes from.

from Node
getImmediatePredecessor

Gets the immediate predecessor of this node, if any.

from Node
getIntValue

Gets the integer value of this node, if it is an integer constant.

from Node
getLocation

Gets the location of this node.

from Node
getPostUpdateNode

Gets the post-update node corresponding to this node, if any.

from Node
getStartColumn

Gets the start column of this data flow node.

from Node
getStartLine

Gets the start line of this data flow node.

from Node
getStringValue

Gets the string value of this node, if it is a string literal or constant string concatenation.

from Node
getTopLevel

Gets the toplevel in which this node occurs.

from Node
hasLocationInfo

Holds if this element is at the specified location. The location spans column startcolumn of line startline to column endcolumn of line endline in file filepath. For more information, see Locations.

from Node
hasPropertyWrite

Holds if there is an assignment to property propName on this node, and the right hand side of the assignment is rhs.

from SourceNode
hasUnderlyingType

Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type.

from Node
hasUnderlyingType

Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type.

from Node
isIncomplete

Holds if the flow information for this node is incomplete.

from Node
mayHaveBooleanValue

Holds if this node may evaluate to the Boolean value b.

from Node
mayHaveStringValue

Holds if this node may evaluate to the string s, possibly through local data flow.

from Node
ref

Gets a data flow node referring to this middleware.

from RateLimitingMiddleware
toString

Gets a textual representation of this element.

from Node
track

Gets a node that this node may flow to using one heap and/or interprocedural step.

from SourceNode

Charpred