Provides a taint-tracking configuration for reasoning about method invocations with a user-controlled method name on objects with unsafe methods.
Note, for performance reasons: only import this file if
UnsafeDynamicMethodAccess::Configuration is needed, otherwise
UnsafeDynamicMethodAccessCustomizations should be imported instead.
Import path
import semmle.javascript.security.dataflow.UnsafeDynamicMethodAccessQueryImports
| PropertyInjectionShared | Provides predicates for reasoning about flow of user-controlled values that are used as property names. |
| UnsafeDynamicMethodAccess | |
| javascript | Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML. |
Classes
| Configuration | A taint-tracking configuration for reasoning about unsafe dynamic method access. |