Module NoSqlInjection
Provides default sources, sinks and sanitizers for detecting “NoSql injection” vulnerabilities, as well as extension points for adding your own.
Import path
import semmle.python.security.dataflow.NoSqlInjectionCustomizations
Classes
| Dict | A state where the tracked data has been converted to a dictionary. |
| DictSink | A sink vulnerable to user-controlled dictionaries. |
| DictSource | A source allowing dictionaries. |
| FlowState | A flow state, tracking the structure of the data. |
| JsonDecoding | A JSON decoding converts a string to a dictionary. |
| NoSqlDecoding | A NoSQL decoding interprets a string as a dictionary. |
| NoSqlExecutionAsDictSink | A NoSQL query that is vulnerable to user-controlled dictionaries. |
| NoSqlExecutionAsStringSink | A NoSQL query that is vulnerable to user-controlled strings. |
| RemoteFlowSourceAsStringSource | A remote flow source considered a source of user-controlled strings. |
| String | A state where the tracked data is only a string. |
| StringSink | A sink vulnerable to user-controlled strings. |
| StringSource | A source allowing string inputs. |
| StringToDictConversion | A data flow node where a string is converted into a dictionary. |