CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.0.3-dev (changelog, source)

Module ResourceExhaustion

Provides sources, sinks, and sanitizers for reasoning about resource exhaustion vulnerabilities.

Import path

import semmle.javascript.security.dataflow.ResourceExhaustionCustomizations

Classes

BufferSizeSink

A node that determines the size of a buffer, considered as a data flow sink for resource exhaustion vulnerabilities.

DenseArraySizeSink

A node that determines the size of an array, considered as a data flow sink for resource exhaustion vulnerabilities. This is only an issue if the argument is a number, which we don’t track precisely.

RemoteFlowSourceAsSource

A source of remote user input, considered as a data flow source for resource exhaustion vulnerabilities.

Sanitizer

A data flow sanitizer for resource exhaustion vulnerabilities.

Sink

A data flow sink for resource exhaustion vulnerabilities.

Source

A data flow source for resource exhaustion vulnerabilities.

StringRepetitionSink

A node that determines the repetitions of a string, considered as a data flow sink for resource exhaustion vulnerabilities.

TimerDurationSink

A node that determines the duration of a timer, considered as a data flow sink for resource exhaustion vulnerabilities.