CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.12 (changelog, source)

Module UnsafeCodeConstruction

Module containing sources, sinks, and sanitizers for code constructed from library input.

Import path

import semmle.javascript.security.dataflow.UnsafeCodeConstructionCustomizations

Classes

ExternalInputSource

A parameter of an exported function, seen as a source.

Sink

A sink for vulnerabilities in which unsafe code is constructed from library input.

Source

A source for vulnerabilities in which code is constructed from library input.

StringConcatExecutedAsCode

A string concatenation leaf that is later executed as code.
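
The JavaScript below is an added illustration of the pattern these classes describe, with a hardened form beside it; it is not code from the CodeQL library. The names `unsafeGetter`, `safeGetter` and `demo` and the sample input are hypothetical, and the functions are assumed to be exported from a package's public API.

```javascript
// Added example. In a real package both getters would be exported, which is
// what makes `path` library input (the ExternalInputSource case).

// Flagged pattern: the parameter is a leaf of a string concatenation that is
// later executed as code (the StringConcatExecutedAsCode case).
function unsafeGetter(obj, path) {
  return new Function("obj", "return obj." + path)(obj);
}

// Hardened form: no code is constructed; the path is parsed and walked as data.
const IDENT = /^[A-Za-z_$][A-Za-z0-9_$]*$/;
const BLOCKED = new Set(["__proto__", "constructor", "prototype"]);

function safeGetter(obj, path) {
  if (typeof path !== "string") throw new TypeError("path must be a string");
  let cur = obj;
  for (const key of path.split(".")) {
    // Reject anything that is not a plain identifier before touching the object.
    if (!IDENT.test(key) || BLOCKED.has(key)) {
      throw new RangeError("invalid path segment: " + JSON.stringify(key));
    }
    if (cur === null || cur === undefined) return undefined;
    if (!Object.prototype.hasOwnProperty.call(cur, key)) return undefined;
    cur = cur[key];
  }
  return cur;
}

// Runs both getters over constructed sample input and reports what happened.
function demo() {
  const record = { user: { name: "ada" }, hits: 0 };
  const benign = "user.name";
  const crafted = "hits = 99, obj.user.name"; // constructed: text that is also code
  const out = {
    unsafeBenign: unsafeGetter(record, benign),
    safeBenign: safeGetter(record, benign),
    unsafeCrafted: unsafeGetter(record, crafted), // runs the embedded assignment
  };
  out.hitsAfterUnsafe = record.hits;
  try {
    safeGetter(record, crafted);
    out.safeCrafted = "accepted";
  } catch (e) {
    out.safeCrafted = e.name;
  }
  return out;
}
```

The unsafe getter returns the expected value for both inputs, so the side effect of the crafted path is invisible to the caller; only the changed `hits` field shows that the string ran as code.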