CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.1.1 (changelog, source)
Search

Module RemotePropertyInjection

Import path

import semmle.javascript.security.dataflow.RemotePropertyInjectionCustomizations

Classes

HeaderNameSink

A sink for HTTP header writes with dynamically computed header name. This sink avoids double-flagging by ignoring SetMultipleHeaders since the multiple headers use case consists of an objects containing different header names as properties. This case is already handled by PropertyWriteSink.

PropertyWriteSink

A sink for property writes with dynamically computed property name.

RemoteFlowSourceAsSource

DEPRECATED: Use ActiveThreatModelSource from Concepts instead!

Sanitizer

A sanitizer for remote property injection.

Sink

A data flow sink for remote property injection.

Source

A data flow source for remote property injection.