Class RequestForgery::Configuration
A taint tracking configuration for request forgery.
Import path
import semmle.javascript.security.dataflow.RequestForgeryDirect supertypes
Indirect supertypes
Predicates
| isSanitizer | Holds if the intermediate node |
| isSanitizerEdge | Holds if the edge from |
| isSink | Holds if |
| isSource | Holds if |
Inherited predicates
| charAt | Returns a one-character string containing the character in the receiver at the given index (which ranges from 0 through length minus one) | from string |
| getDefaultSourceLabel | Gets the flow label to associate with sources added by the 1-argument | from Configuration |
| getId | Gets the unique identifier of this configuration among all data flow tracking configurations. | from Configuration |
| hasFlow | Holds if data may flow from | from Configuration |
| hasFlowPath | Holds if data may flow from | from Configuration |
| indexOf | Returns all the offsets at which the given string occurs in the receiver | from string |
| indexOf | Returns the index of n’th occurrence of the given string within receiver, starting at the given offset | from string |
| isAdditionalFlowStep | Holds if | from Configuration |
| isAdditionalFlowStep | INTERNAL: This predicate should not normally be used outside the data flow library. | from Configuration |
| isAdditionalFlowStep | Holds if | from Configuration |
| isAdditionalLoadStep | EXPERIMENTAL. This API may change in the future. | from Configuration |
| isAdditionalLoadStoreStep | EXPERIMENTAL. This API may change in the future. | from Configuration |
| isAdditionalLoadStoreStep | EXPERIMENTAL. This API may change in the future. | from Configuration |
| isAdditionalStoreStep | EXPERIMENTAL. This API may change in the future. | from Configuration |
| isAdditionalTaintStep | Holds if the additional taint propagation step from | from Configuration |
| isBarrier | Holds if the intermediate flow node | from Configuration |
| isBarrier | DEPRECATED: Use | from Configuration |
| isBarrier | DEPRECATED: Use | from Configuration |
| isBarrierEdge | Holds if flow with label | from Configuration |
| isBarrierEdge | Holds if flow from | from Configuration |
| isBarrierGuard | Holds if data flow node | from Configuration |
| isLabeledBarrier | Holds if flow with label | from Configuration |
| isLowercase | Holds when the receiver contains no upper-case letters | from string |
| isSanitizer | DEPRECATED: Use | from Configuration |
| isSanitizer | DEPRECATED: Use | from Configuration |
| isSanitizerEdge | Holds if the edge from | from Configuration |
| isSanitizerGuard | Holds if data flow node | from Configuration |
| isSink | Holds if | from Configuration |
| isSource | Holds if | from Configuration |
| isUppercase | Holds when the receiver contains no lower-case letters | from string |
| length | Returns the length of the receiver (in UTF-16 code units) | from string |
| matches | Holds when the receiver matches the pattern. Patterns are matched by case sensitive string matching, and there are two wildcards: _ matches a single character, and % matches any sequence of characters. To match the actual characters _ or % in the pattern, they must be escaped using backslashes. For example, | from string |
| prefix | Returns the substring of the receiver ending at the given offset | from string |
| regexpCapture | When the given regexp matches the entire receiver, returns the substring matched by the given capture group | from string |
| regexpFind | Returns a substring of the receiver which matches the given regexp. Also returns the offset within the receiver at which the match occurred (occurrenceOffset), and the number of matches which occur at smaller offsets (occurrenceIndex) | from string |
| regexpMatch | Holds when the given regexp matches the entire receiver | from string |
| regexpReplaceAll | Returns a copy of the receiver with every substring which matches the given regexp is replaced by the replacement | from string |
| replaceAll | Returns a copy of the receiver with all occurrences of the target replaced by the replacement | from string |
| splitAt | Returns all of the substrings obtained by splitting the receiver at every occurrence of the argument | from string |
| splitAt | Returns the n’th substring obtained by splitting the receiver at every occurrence of the argument | from string |
| substring | Returns the substring of the receiver which starts and ends at the given indices | from string |
| suffix | Returns the substring of the receiver starting at the given offset | from string |
| toDate | Returns the date, if any, obtained by parsing the receiver | from string |
| toFloat | Returns the floating point number, if any, obtained by parsing the receiver | from string |
| toInt | Returns the integer, if any, obtained by parsing the receiver | from string |
| toLowerCase | Returns a copy of the receiver with all uppercase characters replaced by lowercase ones | from string |
| toString | Returns the receiver | from string |
| toUpperCase | Returns a copy of the receiver with all lowercase characters replaced by uppercase ones | from string |
| trim | Returns a copy of the receiver with all whitespace removed from the beginning and end of the string (where whitespace is defined as unicode codepoints ‘\u0000’ through ‘\u0020’ inclusive) | from string |