CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.3.1-dev (changelog, source)

Module TemplateObjectInjection

Provides sources, sinks and sanitizers for reasoning about template object injection vulnerabilities.

Import path

import semmle.javascript.security.dataflow.TemplateObjectInjectionCustomizations

Imports

CommonFlowState

Contains a class with flow states that are used by multiple queries.

Predicates

usesVulnerableTemplateEngine

Holds if the “view engine” of router is set to a vulnerable templating engine.

Classes

Sanitizer

A sanitizer for template object injection vulnerabilities.

Sink

A data flow sink for template object injection vulnerabilities.

Source

A data flow source for template object injection vulnerabilities.