Module RemotePropertyInjection::RemotePropertyInjection

Classes

Configuration

A taint-tracking configuration for reasoning about remote property injection.

HeaderNameSink

A sink for HTTP header writes with dynamically computed header name. This sink avoids double-flagging by ignoring SetMultipleHeaders since the multiple headers use case consists of an objects containing different header names as properties. This case is already handled by PropertyWriteSink.

PropertyWriteSink

A sink for property writes with dynamically computed property name.

RemoteFlowSourceAsSource

A source of remote user input, considered as a flow source for remote property injection.

Sanitizer

A sanitizer for remote property injection.

Sink

A data flow sink for remote property injection.

Source

A data flow source for remote property injection.