Module SqlInjection
Import path
import semmle.javascript.security.dataflow.SqlInjectionCustomizations
Classes
GraphqlInjectionSink | A GraphQL expression passed to an API call that executes GraphQL. |
LdapJSSink | An LDAPjs sink. |
LdapStringSanitizer | A chain of replace calls that replaces all unsafe chars for LDAP injection. For simplicity it’s used as a sanitizer for all of |
RemoteFlowSourceAsSource | A source of remote user input, considered as a flow source for string-based query injection. |
Sanitizer | A sanitizer for string-based query injection vulnerabilities. |
SanitizerExpr | An expression that sanitizes a value for the purposes of string-based query injection. |
Sink | A data flow sink for string-based query injection vulnerabilities. |
Source | A data flow source for string-based query injection vulnerabilities. |
SqlInjectionExprSink | An SQL expression passed to an API call that executes SQL. |
Aliases
IncompleteBlacklistSanitizer | Provides classes and predicates for working with incomplete blacklist sanitizers. |