CodeQL library for JavaScript
Module PolynomialReDoS

Import path

import semmle.javascript.security.performance.PolynomialReDoSCustomizations

Predicates

isCharClassLike

Holds if term matches a set of strings of length 1.

Classes

ExternalInputSource

A parameter of an exported function, seen as a source for polynomial-redos.

LengthGuard

A check on the length of a string, seen as a sanitizer guard.

PolynomialBackTrackingTermUse

A use of a superlinear backtracking term, seen as a sink for polynomial regular expression denial-of-service vulnerabilities.

RequestInputAccessAsSource

A remote input to a server, seen as a source for polynomial regular expression denial-of-service vulnerabilities.

Sanitizer

A sanitizer for polynomial regular expression denial-of-service vulnerabilities.

Sink

A data flow sink node for polynomial regular expression denial-of-service vulnerabilities.

Source

A data flow source node for polynomial regular expression denial-of-service vulnerabilities.

StringLengthLimiter

An operation that limits the length of a string, seen as a sanitizer.