For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

RegExpInjection

Module RegExpInjectionCustomizations


                                import semmle.javascript.security.dataflow.RegExpInjectionCustomizations

ArgvAsSource	A read of `process.env`, `process.argv`, and similar, considered as a flow source for regular expression injection.
MetacharEscapeSanitizer	A global regexp replacement involving the `{`, `[`, or `+` meta-character, viewed as a sanitizer for regexp-injection vulnerabilities.
RegExpSanitizationCall	A call to a function whose name suggests that it escapes regular expression meta-characters.
RegularExpressionSourceAsSink	The source string of a regular expression.
RemoteFlowSourceAsSource	A source of remote user input, considered as a flow source for regular expression injection.
Sanitizer	A sanitizer for untrusted user input used to construct regular expressions.
Sink	A data flow sink for untrusted user input used to construct regular expressions.
Source	A data flow source for untrusted user input used to construct regular expressions.