CodeQL library for JavaScript
Search

Module RegExpInjection

Import path

import semmle.javascript.security.dataflow.RegExpInjectionCustomizations

Classes

MetacharEscapeSanitizer

A global regexp replacement involving the {, [, or + meta-character, viewed as a sanitizer for regexp-injection vulnerabilities.

RegExpSanitizationCall

A call to a function whose name suggests that it escapes regular expression meta-characters.

RegularExpressionSourceAsSink

The source string of a regular expression.

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for regular expression injection.

Sanitizer

A sanitizer for untrusted user input used to construct regular expressions.

Sink

A data flow sink for untrusted user input used to construct regular expressions.

Source

A data flow source for untrusted user input used to construct regular expressions.