CodeQL library for JavaScript
Search

Module UnsafeDynamicMethodAccessQuery

Provides a taint-tracking configuration for reasoning about method invocations with a user-controlled method name on objects with unsafe methods.

Note, for performance reasons: only import this file if UnsafeDynamicMethodAccess::Configuration is needed, otherwise UnsafeDynamicMethodAccessCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.UnsafeDynamicMethodAccessQuery

Imports

PropertyInjectionShared

Provides predicates for reasoning about flow of user-controlled values that are used as property names.

UnsafeDynamicMethodAccess
javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

Configuration

A taint-tracking configuration for reasoning about unsafe dynamic method access.