CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.0.2-dev (changelog, source)

Member predicate TemplateObjInjectionConfig::isSanitizerGuard

Holds if data flow node guard can act as a sanitizer when appearing in a condition.

For example, if guard is the comparison expression in if(x == 'some-constant'){ ... x ... }, it could sanitize flow of x into the “then” branch.

Note that this only handles checks that operate directly on the tainted value. Objects that contain a tainted value in a property may still flow across the check. To block such objects, use a labeled sanitizer guard to block the data label.

predicate isSanitizerGuard(SanitizerGuardNode guard)
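
The two guard shapes described above, as an added example that is not code from the CodeQL library. It is written against the legacy `TaintTracking::Configuration` API that this predicate belongs to. The helper `isKnownTheme`, the `render` sink, and the names `KnownThemeGuard`, `KnownThemeDataGuard` and `ExampleConfig` are hypothetical.

```ql
import javascript

// Hypothetical guard: `isKnownTheme(x)` is an assumed application helper.
// In `if (isKnownTheme(x)) { ... x ... }` it sanitizes `x` in the "then" branch.
class KnownThemeGuard extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode {
  KnownThemeGuard() { this.getCalleeName() = "isKnownTheme" }

  override predicate sanitizes(boolean outcome, Expr e) {
    outcome = true and
    e = this.getArgument(0).asExpr()
  }
}

// Labeled form of the same check: it names the flow label it blocks,
// here `data`, as the note above advises.
class KnownThemeDataGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::CallNode {
  KnownThemeDataGuard() { this.getCalleeName() = "isKnownTheme" }

  override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) {
    outcome = true and
    e = this.getArgument(0).asExpr() and
    label.isData()
  }
}

// Constructed configuration for illustration; it is not TemplateObjInjectionConfig.
class ExampleConfig extends TaintTracking::Configuration {
  ExampleConfig() { this = "ExampleConfig" }

  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  // Assumed sink: the second argument of any call named `render`.
  override predicate isSink(DataFlow::Node sink) {
    exists(DataFlow::CallNode call | call.getCalleeName() = "render" |
      sink = call.getArgument(1)
    )
  }

  // Both guard classes are registered through the predicate documented on this page.
  override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
    guard instanceof KnownThemeGuard or
    guard instanceof KnownThemeDataGuard
  }
}

from ExampleConfig cfg, DataFlow::Node source, DataFlow::Node sink
where cfg.hasFlow(source, sink)
select sink, "Remote value reaches a render call without passing the guard."
```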