CodeQL library for JavaScript/TypeScript
codeql/javascript-all 0.8.12

Module XmlBomb

Import path

import semmle.javascript.security.dataflow.XmlBombCustomizations

Classes

LocationAsSource

An access to document.location, considered as a flow source for XML bomb vulnerabilities.

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for XML bomb vulnerabilities.

Sanitizer

A sanitizer for XML-bomb vulnerabilities.

Sink

A data flow sink for XML-bomb vulnerabilities.

Source

A data flow source for XML-bomb vulnerabilities.

XmlParsingWithEntityResolution

A call to an XML parser that performs internal entity expansion, viewed as a data flow sink for XML-bomb vulnerabilities.