Module SqlInjection
Import path
import semmle.javascript.security.dataflow.SqlInjectionCustomizations
Classes
GraphqlInjectionSink | A GraphQL expression passed to an API call that executes GraphQL.
LdapJSSink | An LDAPjs sink.
LdapStringSanitizer | A chain of replace calls that replaces all unsafe chars for LDAP injection. For simplicity it’s used as a sanitizer for all of
RemoteFlowSourceAsSource | A source of remote user input, considered as a flow source for string-based query injection.
Sanitizer | A sanitizer for string-based query injection vulnerabilities.
SanitizerExpr | An expression that sanitizes a value for the purposes of string-based query injection.
Sink | A data flow sink for string-based query injection vulnerabilities.
Source | A data flow source for string-based query injection vulnerabilities.
SqlInjectionExprSink | An SQL expression passed to an API call that executes SQL.
Aliases
IncompleteBlacklistSanitizer | Provides classes and predicates for working with incomplete blacklist sanitizers.