CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.0.2 (changelog, source)

Module UnsafeDeserialization

Import path

import semmle.javascript.security.dataflow.UnsafeDeserializationCustomizations

Classes

JsYamlUnsafeLoad

An expression passed to one of the unsafe load functions of the js-yaml package.

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for unsafe deserialization.

Sanitizer

A sanitizer for unsafe deserialization vulnerabilities.

Sink

A data flow sink for unsafe deserialization vulnerabilities.

Source

A data flow source for unsafe deserialization vulnerabilities.