CodeQL library for JavaScript
codeql/javascript-all 0.6.2 ( changelog , source )
Index
Search

Module TaintedFormatString

Provides default sources, sinks and sanitizers for reasoning about format injections, as well as extension points for adding your own.

Import path

import semmle.javascript.security.dataflow.TaintedFormatStringCustomizations

Imports

TaintedFormatStringSpecific

Provides JS-specific imports needed for TaintedFormatStringQuery and TaintedFormatStringCustomizations.

Classes

FormatSink

A format argument to a printf-like function, considered as a flow sink for format injection.
RemoteSource

A source of remote user input, considered as a flow source for format injection.
Sanitizer

A sanitizer for format injections.
Sink

A data flow sink for format injections.
Source

A data flow source for format injections.