Module LogInjectionQuery
Provides a taint-tracking configuration for reasoning about untrusted user input used in log entries.
Import path
import codeql.ruby.security.LogInjectionQuery
Imports
AST |
Concepts | Provides abstract classes representing generic concepts such as file system access or system command execution, for which individual framework libraries provide concrete subclasses. |
Core | Provides modeling for the Ruby core libraries. |
DataFlow | Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses. |
RemoteFlowSources | Provides an extension point for modeling user-controlled data. Such data is often used as data-flow sources in security queries. |
TaintTracking |
Classes
HtmlEscapingAsSanitizer | A call to an HTML escape method is considered to sanitize its input. |
InspectSanitizer | A call to `inspect` is considered to sanitize its input. |
LogInjectionConfiguration | A taint-tracking configuration for untrusted user input used in log entries. DEPRECATED: Use `LogInjectionFlow` instead. |
LoggingSink | An input to a logging mechanism. |
RemoteSource | A source of remote user controlled input. |
Sanitizer | A sanitizer for malicious user input used in log entries. |
Sink | A data flow sink for user input used in log entries. |
Source | A data flow source for user input used in log entries. |
StringReplaceSanitizer | A call to a string replacement method is considered to sanitize its input. |
Aliases
LogInjectionFlow | Taint-tracking for untrusted user input used in log entries. |
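The following is an added example, not part of this reference page or of the CodeQL standard library: a path-problem query that uses the `LogInjectionFlow` module above to report flow from a `Source` to a `Sink`, and that extends the abstract `Sanitizer` class so the configuration also treats calls to a method named `sanitize_for_log` as barriers. The method name `sanitize_for_log` is a hypothetical application helper chosen for illustration; the `flowPath`, `PathGraph` and `PathNode` members are the standard interface of a `TaintTracking::Global` module.

```ql
/**
 * @name Log injection (added example)
 * @description Building a log entry from user-controlled input lets an attacker
 *              forge or corrupt log records, for example by injecting newlines.
 * @kind path-problem
 * @problem.severity error
 * @id rb/log-injection-example
 * @tags security
 */

import codeql.ruby.DataFlow
import codeql.ruby.security.LogInjectionQuery
import LogInjectionFlow::PathGraph

/**
 * Assumption for this example: the application routes all log arguments through
 * a helper called `sanitize_for_log` that strips newlines. Extending the abstract
 * `Sanitizer` class registers every call to it as a barrier for `LogInjectionFlow`,
 * so values returned by it are not reported as tainted.
 */
class SanitizeForLogCall extends Sanitizer {
  SanitizeForLogCall() {
    this = any(DataFlow::CallNode c | c.getMethodName() = "sanitize_for_log")
  }
}

from LogInjectionFlow::PathNode source, LogInjectionFlow::PathNode sink
where LogInjectionFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "Log entry depends on a $@.", source.getNode(),
  "user-provided value"
```

Because the built-in sanitizers (`HtmlEscapingAsSanitizer`, `InspectSanitizer`, `StringReplaceSanitizer`) are only heuristics, confirm that any custom barrier you add really does remove the characters that matter for your log format (at minimum `\r` and `\n`); a sanitizer that only HTML-escapes leaves newline-based record forgery possible even though the query will stop reporting it.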