Module CodeInjection

Import path

import semmle.code.csharp.security.dataflow.CodeInjection

Imports

Compiler

Provides definitions related to the namespace System.CodeDom.Compiler.

Local

Provides classes representing sources of local input.

Remote

Provides classes representing data flow sources for remote user input.

Sanitizers

Provides classes for identifying expressions that might be sanitized.

Classes

CompileAssemblyFromSourceSink

A source argument to a call to ICodeCompiler.CompileAssemblyFromSource* which is a sink for code injection vulnerabilities.

LocalSource

A source of local user input.

RemoteSource

A source of remote user input.

RoslynCSharpScriptSink

A code argument to a call to a method on CSharpScript.

Sanitizer

A sanitizer for user input treated as code vulnerabilities.

Sink

A data flow sink for user input treated as code vulnerabilities.

Source

A data flow source for user input treated as code vulnerabilities.

TaintTrackingConfiguration

A taint-tracking configuration for user input treated as code vulnerabilities.