Module SqlInjection
Import path
import semmle.javascript.security.dataflow.SqlInjectionCustomizations
Classes
| GraphqlInjectionSink |
An GraphQL expression passed to an API call that executes GraphQL. |
| LdapJSSink |
An LDAPjs sink. |
| LdapStringSanitizer |
A chain of replace calls that replaces all unsafe chars for ldap injection. For simplicity it’s used as a sanitizer for all of |
| RemoteFlowSourceAsSource |
A source of remote user input, considered as a flow source for string based query injection. |
| Sanitizer |
A sanitizer for string based query injection vulnerabilities. |
| SanitizerExpr |
An expression that sanitizes a value for the purposes of string based query injection. |
| Sink |
A data flow sink for string based query injection vulnerabilities. |
| Source |
A data flow source for string based query injection vulnerabilities. |
| SqlInjectionExprSink |
An SQL expression passed to an API call that executes SQL. |
Aliases
| IncompleteBlacklistSanitizer |
Provides classes and predicates for working with incomplete blacklist sanitizers. |