mirror of
https://github.com/github/codeql.git
synced 2025-12-17 17:23:36 +01:00
25 lines
776 B
Plaintext
25 lines
776 B
Plaintext
/**
|
|
* Provides a classes and predicates for contributing to the `view-component-input` threat model.
|
|
*/
|
|
|
|
private import javascript
|
|
|
|
/**
|
|
* An input to a view component, such as React props.
|
|
*/
|
|
abstract class ViewComponentInput extends DataFlow::Node {
|
|
/** Gets a string that describes the type of this threat-model source. */
|
|
abstract string getSourceType();
|
|
}
|
|
|
|
private class ViewComponentInputAsThreatModelSource extends ThreatModelSource::Range instanceof ViewComponentInput
|
|
{
|
|
ViewComponentInputAsThreatModelSource() {
|
|
not this.asExpr().getTypeBinding().isSanitizingPrimitiveType()
|
|
}
|
|
|
|
final override string getThreatModel() { result = "view-component-input" }
|
|
|
|
final override string getSourceType() { result = ViewComponentInput.super.getSourceType() }
|
|
}
|