CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.2.1-dev (changelog, source)
Search

Module RegExpInjection

Import path

import semmle.javascript.security.dataflow.RegExpInjectionCustomizations

Classes

ArgvAsSource

A read of process.env, process.argv, and similar, considered as a flow source for regular expression injection.

MetacharEscapeSanitizer

A global regexp replacement involving the {, [, or + meta-character, viewed as a sanitizer for regexp-injection vulnerabilities.

RegExpSanitizationCall

A call to a function whose name suggests that it escapes regular expression meta-characters.

RegularExpressionSourceAsSink

The source string of a regular expression.

RemoteFlowSourceAsSource

DEPRECATED: Use ActiveThreatModelSource from Concepts instead!

Sanitizer

A sanitizer for untrusted user input used to construct regular expressions.

Sink

A data flow sink for untrusted user input used to construct regular expressions.

Source

A data flow source for untrusted user input used to construct regular expressions.