Module UnvalidatedDynamicMethodCall
Import path
import semmle.javascript.security.dataflow.UnvalidatedDynamicMethodCallCustomizationsClasses
| CalleeAsSink | A function invocation of an unsafe function, as a sink for remote unvalidated dynamic method calls. |
| DocumentUrlAsSource | The page URL considered as a flow source for unvalidated dynamic method calls. |
| FunctionCheck | A check of the form |
| MaybeFromProto | A flow label describing values read from a user-controlled property that may originate from a prototype object. |
| MaybeNonFunction | A flow label describing values read from a user-controlled property that may not be functions. |
| NumberGuard | A guard that checks whether |
| RemoteFlowSourceAsSource | A source of remote user input, considered as a source for unvalidated dynamic method calls. |
| Sanitizer | A sanitizer for unvalidated dynamic method calls. |
| Sink | A data flow sink for unvalidated dynamic method calls. |
| Source | A data flow source for unvalidated dynamic method calls. |