Class RegexInjection::Sink

A sink for “regular expression injection” vulnerabilities is the execution of a regular expression. If you have a custom way to execute regular expressions, you can extend RegexExecution::Range.

Import path

import semmle.python.security.dataflow.RegexInjectionCustomizations

Direct supertypes

Node

Indirect supertypes

TNode

Fields

regexExecution

Predicates

getRegexExecution

Gets the call that executes the regular expression marked by this sink.

Inherited predicates

asCfgNode	Gets the control-flow node corresponding to this node, if any.	from Node
asExpr	Gets the expression corresponding to this node, if any.	from Node
getALocalSource	Gets a local source node from which data may flow to this node in zero or more local data-flow steps.	from Node
getEnclosingCallable	Gets the enclosing callable of this node.	from Node
getLocation	Gets the location of this node	from Node
getScope	Gets the scope of this node.	from Node
hasLocationInfo	Holds if this element is at the specified location. The location spans column `startcolumn` of line `startline` to column `endcolumn` of line `endline` in file `filepath`. For more information, see Locations.	from Node
toString	Gets a textual representation of this element.	from Node

Charpred

Sink