Module ResourceExhaustionQuery
Provides a taint tracking configuration for reasoning about resource exhaustion vulnerabilities (CWE-770).
Note, for performance reasons: only import this file if
ResourceExhaustion::Configuration is needed, otherwise
ResourceExhaustionCustomizations should be imported instead.
Import path
import semmle.javascript.security.dataflow.ResourceExhaustionQueryImports
| ResourceExhaustion | Provides sources, sinks, and sanitizers for reasoning about resource exhaustion vulnerabilities. |
| javascript | Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML. |
Predicates
| isNumericFlowStep | Holds if data is converted to a number from |
Classes
| Configuration | A data flow configuration for resource exhaustion vulnerabilities. |
| UpperBoundsCheckSanitizerGuard | A sanitizer that blocks taint flow if the size of a number is limited. |