CodeQL library for JavaScript
Search

Module UnvalidatedDynamicMethodCall

Import path

import semmle.javascript.security.dataflow.UnvalidatedDynamicMethodCallCustomizations

Classes

CalleeAsSink

A function invocation of an unsafe function, as a sink for remote unvalidated dynamic method calls.

DocumentUrlAsSource

The page URL considered as a flow source for unvalidated dynamic method calls.

FunctionCheck

A check of the form typeof x === 'function', which sanitizes away the MaybeNonFunction taint kind.

MaybeFromProto

A flow label describing values read from a user-controlled property that may originate from a prototype object.

MaybeNonFunction

A flow label describing values read from a user-controlled property that may not be functions.

RemoteFlowSourceAsSource

A source of remote user input, considered as a source for unvalidated dynamic method calls.

Sanitizer

A sanitizer for unvalidated dynamic method calls.

Sink

A data flow sink for unvalidated dynamic method calls.

Source

A data flow source for unvalidated dynamic method calls.