hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Mention log-injection sink kind in docs

Browse Source
This commit is contained in:
Asger F
2023-07-31 14:04:16 +02:00
parent 4529d8b75a
commit a148c7cc87
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/codeql/codeql-language-guides/customizing-library-models-for-javascript.rst
View File

@@ -471,6 +471,7 @@ Unlike sources, sinks tend to be highly query-specific, rarely affecting more th
- **request-forgery**: A sink that controls the URL of a request, such as in a **fetch** call.
- **url-redirection**: A sink that can be used to redirect the user to a malicious URL.
- **unsafe-deserialization**: A deserialization sink that can lead to code execution or other unsafe behaviour, such as an unsafe YAML parser.
- **log-injection**: A sink that can be used for log injection, such as in a **console.log** call.
Summary kinds
~~~~~~~~~~~~~