CodeQL library for JavaScript
codeql/javascript-all 0.2.3 (changelog, source)
Search

Module RemotePropertyInjection

Import path

import semmle.javascript.security.dataflow.RemotePropertyInjectionCustomizations

Classes

HeaderNameSink

A sink for HTTP header writes with dynamically computed header name. This sink avoids double-flagging by ignoring SetMultipleHeaders since the multiple headers use case consists of an objects containing different header names as properties. This case is already handled by PropertyWriteSink.

PropertyWriteSink

A sink for property writes with dynamically computed property name.

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for remote property injection.

Sanitizer

A sanitizer for remote property injection.

Sink

A data flow sink for remote property injection.

Source

A data flow source for remote property injection.