CodeQL library for JavaScript/TypeScript
codeql/javascript-all 1.1.1-dev (changelog, source)
Search

Module TemplateObjectInjection

Provides sources, sinks and sanitizers for reasoning about template object injection vulnerabilities.

Import path

import semmle.javascript.security.dataflow.TemplateObjectInjectionCustomizations

Predicates

usesVulnerableTemplateEngine

Holds if the “view engine” of router is set to a vulnerable templating engine.

Classes

Sanitizer

A sanitizer for template object injection vulnerabilities.

Sink

A data flow sink for template object injection vulnerabilities.

Source

A data flow source for template object injection vulnerabilities.