CodeQL library for JavaScript/TypeScript
codeql/javascript-all 1.1.4 (changelog, source)

Class Shared::MetacharEscapeSanitizer

A global regexp replacement involving the <, ', or " meta-character, viewed as a sanitizer for XSS vulnerabilities.
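As an added illustration (not code from the CodeQL library or its documentation), the JavaScript below contrasts the replacement shapes this class recognises: only a global regexp replace or a `.replaceAll()` escapes every occurrence of the metacharacter, so a non-global `.replace("<", ...)` is not treated as a sanitizer. The function names and the sample string are constructed for this example.

```javascript
// Added example, not part of the CodeQL docs: shows why only a *global*
// replacement of '<', '"' or "'" counts as a MetacharEscapeSanitizer.

// Global regexp replacement (g flag): every occurrence is escaped.
function escapeGlobal(s) {
  return s
    .replace(/</g, "&lt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// String.prototype.replaceAll is also global, so it is treated the same way.
function escapeReplaceAll(s) {
  return s
    .replaceAll("<", "&lt;")
    .replaceAll('"', "&quot;")
    .replaceAll("'", "&#39;");
}

// Non-global replacement: only the FIRST '<' is escaped, later ones survive.
// This is the shape the class deliberately excludes (see isGlobal).
function escapeFirstOnly(s) {
  return s.replace("<", "&lt;");
}

// Returns true if any of the three metacharacters is still present.
function hasMetachar(s) {
  return /[<"']/.test(s);
}

// Constructed sample input with repeated metacharacters.
const SAMPLE = '<b>say "hi"</b> <i>it\'s</i>';

// escapeGlobal / escapeReplaceAll leave no metacharacters; escapeFirstOnly does.
```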

Import path

import semmle.javascript.security.dataflow.Xss

Direct supertypes

Indirect supertypes

Known direct subtypes

    Inherited predicates

    accessesGlobal

    Holds if this data flow node accesses the global variable g, either directly or through the window object.

    from Node
    analyze

    Gets type inference results for this data flow node.

    from Node
    asExpr

    Gets the expression corresponding to this data flow node, if any.

    from Node
    backtrack

    Gets a node that may flow into this one using one heap and/or interprocedural step.

    from SourceNode
    calls

    Holds if this data flow node calls method methodName on receiver node receiver.

    from MethodCallNode
    flowsTo

    Holds if this node flows into sink in zero or more local (that is, intra-procedural) steps.

    from SourceNode
    flowsToExpr

    Holds if this node flows into sink in zero or more local (that is, intra-procedural) steps.

    from SourceNode
    getABoundCallbackParameter

    Gets a parameter of a callback passed into this call.

    from InvokeNode
    getABoundFunctionValue

    Gets a function value that may reach this node, possibly derived from a partial function invocation.

    from Node
    getACall

    Gets a function call to this node.

    from SourceNode
    getACallee

    Gets a potential callee of this call site.

    from InvokeNode
    getACallee

    Gets a callee of this call site where imprecision is a heuristic measure of how likely it is that callee is only suggested as a potential callee due to imprecise analysis of global variables and is not, in fact, a viable callee at all.

    from InvokeNode
    getACalleeValue

    Gets an abstract value representing possible callees of this call site.

    from InvokeNode
    getAChainedMethodCall

    Gets a chained method call that invokes methodName last.

    from SourceNode
    getAConstructorInvocation

    Gets a new call that invokes constructor constructorName on this node.

    from SourceNode
    getAFunctionValue

    Gets a function value that may reach this node.

    from Node
    getAFunctionValue

    Gets a function value that may reach this node with the given imprecision level.

    from Node
    getALocalSource

    Gets a source node from which data may flow to this node in zero or more local steps.

    from Node
    getALocalUse

    Gets a node into which data may flow from this node in zero or more local steps.

    from SourceNode
    getAMemberCall

    Gets a function call that invokes method memberName on this node.

    from SourceNode
    getAMemberInvocation

    Gets an invocation of the method or constructor named memberName on this node.

    from SourceNode
    getAMethodCall

    Gets a method call that invokes a method on this node.

    from SourceNode
    getAMethodCall

    Gets a method call that invokes method methodName on this node.

    from SourceNode
    getAPredecessor

    Gets a data flow node from which data may flow to this node in one local step.

    from Node
    getAPropertyRead

    Gets a read of any property on this node.

    from SourceNode
    getAPropertyRead

    Gets a read of property propName on this node.

    from SourceNode
    getAPropertyReference

    Gets a reference (read or write) of any property on this node.

    from SourceNode
    getAPropertyReference

    Gets a reference (read or write) of property propName on this node.

    from SourceNode
    getAPropertySource

    Gets a source node whose value is stored in a property of this node.

    from SourceNode
    getAPropertySource

    Gets a source node whose value is stored in property prop of this node.

    from SourceNode
    getAPropertyWrite

    Gets a write of any property on this node.

    from SourceNode
    getAPropertyWrite

    Gets a write of property propName on this node.

    from SourceNode
    getAReplacedString

    Gets a string that is being replaced by this call.

    from StringReplaceCall
    getASpreadArgument

    Gets a data flow node corresponding to an array of values being passed as individual arguments to this invocation.

    from InvokeNode
    getASuccessor

    Gets a data flow node to which data may flow from this node in one local step.

    from Node
    getAnArgument

    Gets the data flow node corresponding to an argument of this invocation.

    from InvokeNode
    getAnInstantiation

    Gets a new call to this node.

    from SourceNode
    getAnInvocation

    Gets an invocation (with or without new) of this node.

    from SourceNode
    getArgument

    Gets the data flow node corresponding to the ith argument of this invocation.

    from InvokeNode
    getAstNode

    Gets the AST node corresponding to this data flow node, if any.

    from Node
    getBasicBlock

    Gets the basic block to which this node belongs.

    from Node
    getCallback

    Gets a function passed as the ith argument of this invocation.

    from InvokeNode
    getCalleeName

    Gets the name of the function or method being invoked, if it can be determined.

    from InvokeNode
    getCalleeNode

    Gets the data flow node specifying the function to be called.

    from InvokeNode
    getContainer

    Gets the container in which this node occurs.

    from Node
    getEnclosingExpr

    Gets the expression enclosing this data flow node. In most cases the result is the same as asExpr(), however this method additionally includes the InvokeExpr corresponding to reflective calls.

    from Node
    getEnclosingFunction

    from InvokeNode
    getEndColumn

    Gets the end column of this data flow node.

    from Node
    getEndLine

    Gets the end line of this data flow node.

    from Node
    getExceptionalReturn

    Gets the data flow node representing an exception thrown from this invocation.

    from InvokeNode
    getFile

    Gets the file this data flow node comes from.

    from Node
    getImmediatePredecessor

    Gets the immediate predecessor of this node, if any.

    from Node
    getIntValue

    Gets the integer value of this node, if it is an integer constant.

    from Node
    getInvokeExpr

    Gets the syntactic invoke expression underlying this function invocation.

    from InvokeNode
    getLastArgument

    Gets the data flow node corresponding to the last argument of this invocation.

    from InvokeNode
    getLocation

    Gets the location of this node.

    from Node
    getMethodName

    Gets the name of the invoked method, if it can be determined.

    from MethodCallNode
    getNumArgument

    Gets the number of arguments of this invocation, if it can be determined.

    from InvokeNode
    getOptionArgument

    Holds if the ith argument of this invocation is an object literal whose property name is set to result.

    from InvokeNode
    getRawReplacement

    Gets the second argument of this call to replace, which is either a string or a callback.

    from StringReplaceCall
    getReceiver

    Gets the data flow node corresponding to the receiver expression of this method call.

    from CallNode
    getRegExp

    Gets the regular expression passed as the first argument to replace, if any.

    from StringReplaceCall
    getReplacementCallback

    Gets a function flowing into the second argument of this call to replace.

    from StringReplaceCall
    getStartColumn

    Gets the start column of this data flow node.

    from Node
    getStartLine

    Gets the start line of this data flow node.

    from Node
    getStringValue

    Gets the string value of this node, if it is a string literal or constant string concatenation.

    from Node
    getTopLevel

    Gets the toplevel in which this node occurs.

    from Node
    hasLocationInfo

    Holds if this element is at the specified location. The location spans column startcolumn of line startline to column endcolumn of line endline in file filepath. For more information, see Locations.

    from Node
    hasPropertyWrite

    Holds if there is an assignment to property propName on this node, and the right hand side of the assignment is rhs.

    from SourceNode
    hasUnderlyingType

    Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type.

    from Node
    hasUnderlyingType

    Holds if this node is annotated with the given named type, or is declared as a subtype thereof, or is a union or intersection containing such a type.

    from Node
    isGlobal

    Holds if this is a global replacement, that is, the first argument is a regular expression with the g flag, or this is a call to .replaceAll().

    from StringReplaceCall
    isImprecise

    Holds if our approximation of possible callees for this call site is likely to be imprecise.

    from InvokeNode
    isIncomplete

    Holds if the flow information for this node is incomplete.

    from Node
    isIncomplete

    Holds if our approximation of possible callees for this call site is likely to be incomplete.

    from InvokeNode
    isIndefinite

    Holds if the approximation of possible callees for this call site is affected by the given analysis incompleteness cause.

    from InvokeNode
    isUncertain

    Holds if our approximation of possible callees for this call site is likely to be imprecise or incomplete.

    from InvokeNode
    mayHaveBooleanValue

    Holds if this node may evaluate to the Boolean value b.

    from Node
    mayHaveStringValue

    Holds if this node may evaluate to the string s, possibly through local data flow.

    from Node
    replaces

    Holds if this call to replace replaces old with new.

    from StringReplaceCall
    toString

    Gets a textual representation of this element.

    from Node
    track

    Gets a node that this node may flow to using one heap and/or interprocedural step.

    from SourceNode

    Charpred