CodeQL library for JavaScript
Search

Module TaintedFormatString

Provides default sources, sinks and sanitizers for reasoning about format injections, as well as extension points for adding your own.

Import path

import semmle.javascript.security.dataflow.TaintedFormatStringCustomizations

Imports

TaintedFormatStringSpecific

Provides JS-specific imports needed for TaintedFormatStringQuery and TaintedFormatStringCustomizations.

Classes

FormatSink

A format argument to a printf-like function, considered as a flow sink for format injection.

RemoteSource

A source of remote user input, considered as a flow source for format injection.

Sanitizer

A sanitizer for format injections.

Sink

A data flow sink for format injections.

Source

A data flow source for format injections.