Module TaintTracking::TaintTracking

Provides classes for modelling taint propagation.

Predicates

isUrlSearchParams

Holds if params is a URLSearchParams object providing access to the parameters encoded in input.

Classes

AdHocWhitelistCheckSanitizer

A check of the form if(<isWhitelisted>(x)), which sanitizes x in its “then” branch.

AdditionalSanitizerGuardNode

A SanitizerGuardNode that controls which taint tracking configurations it is used in.

AdditionalTaintStep

A taint-propagating data flow edge that should be added to all taint tracking configurations in addition to standard data flow edges.

Configuration

A data flow tracking configuration that considers taint propagation through objects, arrays, promises and strings in addition to standard data flow.

ConstantComparison

A check of the form if(x == 'some-constant'), which sanitizes x in its “then” branch.

FlowTarget

DEPRECATED: Override Configuration::isAdditionalTaintStep or use AdditionalTaintStep instead.

InSanitizer

A check of the form if(x in o), which sanitizes x in its “then” branch.

IndexOfSanitizer

A check of the form if(whitelist.indexOf(x) != -1), which sanitizes x in its “then” branch.

LabeledSanitizerGuardNode

A sanitizer guard node that only blocks specific flow labels.

SanitizerGuardNode

A node that can act as a sanitizer when appearing in a condition.

SanitizingGuard

An expression that can act as a sanitizer for a variable when appearing in a condition.

SanitizingRegExpTest

A conditional checking a tainted string against a regular expression, which is considered to be a sanitizer for all configurations.

StringConcatenationTaintStep

A taint propagating data flow edge arising from string concatenations.

UndefinedCheckSanitizer

A check of the form if(o[x] != undefined), which sanitizes x in its “then” branch.

WhitelistContainmentCallSanitizer

A check of the form if(o.<contains>(x)), which sanitizes x in its “then” branch.
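The classes above fit together in one query: a Configuration names sources and sinks, an AdditionalTaintStep or an isAdditionalTaintStep override extends propagation, and a SanitizerGuardNode tells the analysis which condition branches clean a value. The following query is an added example and is not part of the library documentation; it assumes a hypothetical application-specific validator isAllowed(x) and a hypothetical helper unwrap(x) that returns its (still tainted) argument, and it uses a call to eval as the sink for illustration.

```ql
import javascript

/**
 * A call to the hypothetical validator `isAllowed(x)`. Its true branch is
 * treated as sanitizing `x`, in the same spirit as AdHocWhitelistCheckSanitizer.
 */
class IsAllowedGuard extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode {
  IsAllowedGuard() { this.getCalleeName() = "isAllowed" }

  override predicate sanitizes(boolean outcome, Expr e) {
    // Only the "then" branch (outcome = true) is considered clean;
    // the "else" branch still carries taint.
    outcome = true and e = this.getArgument(0).asExpr()
  }
}

/**
 * Taint tracking from remote input to `eval`, with the custom guard above and
 * an extra taint step through the hypothetical `unwrap(x)` helper.
 */
class RemoteToEvalConfiguration extends TaintTracking::Configuration {
  RemoteToEvalConfiguration() { this = "RemoteToEvalConfiguration" }

  override predicate isSource(DataFlow::Node source) {
    source instanceof RemoteFlowSource
  }

  override predicate isSink(DataFlow::Node sink) {
    // First argument of a call to `eval` (illustrative sink).
    exists(DataFlow::CallNode call |
      call.getCalleeName() = "eval" and
      sink = call.getArgument(0)
    )
  }

  override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) {
    guard instanceof IsAllowedGuard
  }

  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
    // Hypothetical helper: unwrap(x) returns a value derived from x,
    // so taint flows from the argument to the call result.
    exists(DataFlow::CallNode call |
      call.getCalleeName() = "unwrap" and
      pred = call.getArgument(0) and
      succ = call
    )
  }
}

from RemoteToEvalConfiguration cfg, DataFlow::Node source, DataFlow::Node sink
where cfg.hasFlow(source, sink)
select sink, "Remote input from $@ reaches eval without passing isAllowed().", source, "here"
```

Note that the guard only removes taint on the path where the condition is true; a check such as if (!isAllowed(x)) { return; } is handled because the guard reports the outcome for the condition expression itself, and the library maps negation onto the opposite branch. The built-in guards listed above (IndexOfSanitizer, InSanitizer, ConstantComparison and the rest) are applied automatically to every Configuration; only application-specific checks like isAllowed need a custom SanitizerGuardNode.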

Aliases

DefaultTaintStep

DEPRECATED: Use AdditionalTaintStep instead.