CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.0.1-dev (changelog, source)
Search

Module UnsafeDynamicMethodAccess

Import path

import semmle.javascript.security.dataflow.UnsafeDynamicMethodAccessCustomizations

Predicates

unsafeFunction

Gets the flow label describing values that may refer to an unsafe function as a result of an attacker-controlled property name.

Classes

CalleeAsSink

A function invocation of an unsafe function, as a sink for remote unsafe dynamic method access.

RemoteFlowSourceAsSource

A source of remote user input, considered as a source for unsafe dynamic method access.

Sanitizer

A sanitizer for unsafe dynamic method access.

Sink

A data flow sink for unsafe dynamic method access.

Source

A data flow source for unsafe dynamic method access.

UnsafeFunction

A flow label describing values that may refer to an unsafe function as a result of an attacker-controlled property name.