Module ResourceExhaustionQuery
Provides a taint tracking configuration for reasoning about resource exhaustion vulnerabilities (CWE-770).
Note, for performance reasons: only import this file if
ResourceExhaustion::Configuration
is needed, otherwise
ResourceExhaustionCustomizations
should be imported instead.
Import path
import semmle.javascript.security.dataflow.ResourceExhaustionQuery
Imports
ResourceExhaustion | Provides sources, sinks, and sanitizers for reasoning about resource exhaustion vulnerabilities. |
javascript | Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML. |
Predicates
isNumericFlowStep | Holds if data is converted to a number from |
Classes
Configuration | A data flow configuration for resource exhaustion vulnerabilities. |
UpperBoundsCheckSanitizerGuard | A sanitizer that blocks taint flow if the size of a number is limited. |