A taint-propagating data flow edge that should be added to all taint tracking
configurations in addition to standard data flow edges.
This class is a singleton, and thus subclasses do not need to specify a characteristic predicate.
Note: For performance reasons, all subclasses of this class should be part
of the standard library. Override Configuration::isAdditionalTaintStep
for analysis-specific taint steps.
This class has multiple kinds of step predicates; these all have the same
effect on taint-tracking configurations. However, the categorization of steps
allows some data-flow configurations to opt in to specific kinds of taint steps.
Import path
import semmle.javascript.dataflow.TaintTracking
Predicates
| arrayStep | Holds if pred → succ should be considered a taint-propagating data flow edge through arrays. |
| deserializeStep | Holds if pred → succ should be considered a taint-propagating data flow edge through data deserialization, such as JSON.parse. |
| heapStep | Holds if pred → succ should be considered a taint-propagating data flow edge through the heap. |
| heuristicStep | Holds if pred → succ should be considered a taint-propagating data flow edge contributed by the heuristics library. |
| persistentStorageStep | Holds if pred → succ should be considered a taint-propagating data flow edge through persistent storage. |
| promiseStep | Holds if pred → succ should be considered a taint-propagating data flow edge through a promise. |
| serializeStep | Holds if pred → succ should be considered a taint-propagating data flow edge through data serialization, such as JSON.stringify. |
| step | Holds if pred → succ should be considered a taint-propagating data flow edge. |
| stringConcatenationStep | Holds if pred → succ should be considered a taint-propagating data flow edge through string concatenation. |
| stringManipulationStep | Holds if pred → succ should be considered a taint-propagating data flow edge through string manipulation (other than concatenation). |
| uriStep | Holds if pred → succ should be considered a taint-propagating data flow edge through URI manipulation. |
| viewComponentStep | Holds if pred → succ should be considered a taint-propagating data flow edge through the state or props of a React component. |
Inherited predicates
| toString | Gets a textual representation of this element. | from Unit |
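The two ways of contributing a taint step described above, side by side, as an added example that is not part of the CodeQL library or this reference page. It assumes the class documented here is TaintTracking::SharedTaintStep; the npm package `blob-codec`, its `decode` function, and the choice of `eval` as the sink are hypothetical and used only for illustration.

```ql
import javascript

/** Gets a call to `decode` from the hypothetical npm package `blob-codec` (assumption). */
private DataFlow::CallNode decodeCall() {
  result = DataFlow::moduleMember("blob-codec", "decode").getACall()
}

/**
 * Option 1: a shared step, active in every taint-tracking configuration.
 * No characteristic predicate is needed because the class is a singleton.
 * It is categorized as a deserialization step so that data-flow
 * configurations which opt in to only some step kinds can still use it.
 */
class BlobDecodeStep extends TaintTracking::SharedTaintStep {
  override predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) {
    exists(DataFlow::CallNode call | call = decodeCall() |
      pred = call.getArgument(0) and
      succ = call
    )
  }
}

/**
 * Option 2: the same edge scoped to one analysis through
 * Configuration::isAdditionalTaintStep. In practice only one of the two
 * options is needed; both are shown here for comparison.
 */
class DecodedInputToEval extends TaintTracking::Configuration {
  DecodedInputToEval() { this = "DecodedInputToEval" }

  override predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }

  override predicate isSink(DataFlow::Node node) {
    node = DataFlow::globalVarRef("eval").getACall().getArgument(0)
  }

  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
    exists(DataFlow::CallNode call | call = decodeCall() |
      pred = call.getArgument(0) and
      succ = call
    )
  }
}

from DecodedInputToEval cfg, DataFlow::Node source, DataFlow::Node sink
where cfg.hasFlow(source, sink)
select sink, "Decoded remote input from $@ reaches eval.", source, "this source"
```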