CodeQL library for JavaScript
Search

Module SqlInjection

Import path

import semmle.javascript.security.dataflow.SqlInjectionCustomizations

Classes

GraphqlInjectionSink

An GraphQL expression passed to an API call that executes GraphQL.

LdapJSSink

An LDAPjs sink.

LdapStringSanitizer

A chain of replace calls that replaces all unsafe chars for ldap injection. For simplicity it’s used as a sanitizer for all of js/sql-injection.

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for string based query injection.

Sanitizer

A sanitizer for string based query injection vulnerabilities.

SanitizerExpr

An expression that sanitizes a value for the purposes of string based query injection.

Sink

A data flow sink for string based query injection vulnerabilities.

Source

A data flow source for string based query injection vulnerabilities.

SqlInjectionExprSink

An SQL expression passed to an API call that executes SQL.

Aliases

IncompleteBlacklistSanitizer

Provides classes and predicates for working with incomplete blacklist sanitizers.