Module ResourceExhaustionQuery

Provides a taint tracking configuration for reasoning about resource exhaustion vulnerabilities (CWE-770).

Note, for performance reasons: only import this file if ResourceExhaustion::Configuration is needed, otherwise ResourceExhaustionCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.ResourceExhaustionQuery

Imports

ResourceExhaustion	Provides sources, sinks, and sanitizers for reasoning about resource exhaustion vulnerabilities.
javascript	Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Predicates

isNumericFlowStep

Holds if data is converted to a number from src to dst.

Classes

Configuration	DEPRECATED. Use the `ResourceExhaustionFlow` module instead.
UpperBoundsCheckSanitizerGuard	A sanitizer that blocks taint flow if the size of a number is limited.

Modules

ResourceExhaustionConfig

A data flow configuration for resource exhaustion vulnerabilities.

Aliases

ResourceExhaustionFlow

Data flow for resource exhaustion vulnerabilities.