Module SqlInjection
Import path
import semmle.javascript.security.dataflow.SqlInjectionCustomizationsClasses
| GraphqlInjectionSink | An GraphQL expression passed to an API call that executes GraphQL. |
| LdapJSSink | An LDAPjs sink. |
| LdapStringSanitizer | A chain of replace calls that replaces all unsafe chars for ldap injection. For simplicity it’s used as a sanitizer for all of |
| RemoteFlowSourceAsSource | DEPRECATED: Use |
| Sanitizer | A sanitizer for string based query injection vulnerabilities. |
| SanitizerExpr | An expression that sanitizes a value for the purposes of string based query injection. |
| Sink | A data flow sink for string based query injection vulnerabilities. |
| Source | A data flow source for string based query injection vulnerabilities. |
| SqlInjectionExprSink | An SQL expression passed to an API call that executes SQL. |
Aliases
| IncompleteBlacklistSanitizer | Provides classes and predicates for working with incomplete blacklist sanitizers. |