Module TaintedPath

Import path:

    import semmle.javascript.security.dataflow.TaintedPathCustomizations
Predicates

Name                            | Description
isAdditionalTaintedPathFlowStep | Holds if there is a step
isRelative                      | Holds if
Classes

Name                             | Description
AngularJSTemplateUrlSink         | DEPRECATED. This is no longer seen as a path-injection sink. It is tentatively handled by the client-side URL redirection query for now.
BarrierGuardNode                 | A barrier guard for tainted-path vulnerabilities.
ContainsDotDotRegExpSanitizer    | An expression of form
ContainsDotDotSanitizer          | An expression of form
DotDotSlashPrefixRemovingReplace | A call that removes all instances of "../" in the prefix of the string.
DotRemovingReplaceCall           | A call that removes all "." or ".." from a path, without also removing all forward slashes.
ExpressRenderSink                | A path argument to the Express
FsPathSink                       | A path argument to a file system access.
IsAbsoluteSanitizer              | A call to
IsInsideCheckSanitizer           | An expression of form
MembershipTestBarrierGuard       | A check of the form
ModulePathSink                   | An expression whose value is interpreted as a path to a module, making it a data flow sink for tainted-path vulnerabilities.
NormalizingPathCall              | A call that normalizes a path.
NormalizingRelativePathCall      | A call that normalizes a path and converts it to a relative path.
PreservingPathCall               | A call that preserves taint without changing the flow label.
RelativePathStartsWithSanitizer  | A sanitizer that recognizes the following pattern:
RemoteFlowSourceAsSource         | DEPRECATED: Use
ResolveModuleSink                | An expression whose value is resolved to a module using the resolve library.
ResolvingPathCall                | A call that converts a path to an absolute normalized path.
Sanitizer                        | A sanitizer for tainted-path vulnerabilities.
SendPathSink                     | The path argument of a send call, viewed as a sink.
Sink                             | A data flow sink for tainted-path vulnerabilities.
Source                           | A data flow source for tainted-path vulnerabilities.
StartsWithDirSanitizer           | A check of form
StartsWithDotDotSanitizer        | A check of form