CodeQL library for JavaScript/TypeScript
codeql/javascript-all 2.6.1-dev (changelog, source)
Module UnvalidatedDynamicMethodCall

Import path

import semmle.javascript.security.dataflow.UnvalidatedDynamicMethodCallCustomizations

Classes

BarrierGuard

A barrier guard for unvalidated dynamic method calls.

CalleeAsSink

A function invocation of an unsafe function, as a sink for remote unvalidated dynamic method calls.

DocumentUrlAsSource

The page URL considered as a flow source for unvalidated dynamic method calls.

FlowState

A flow state to associate with a tracked value.

FunctionCheck

A check of the form typeof x === 'function', which sanitizes away the MaybeNonFunction taint kind.

MaybeFromProto

A flow label describing values read from a user-controlled property that may originate from a prototype object.

MaybeNonFunction

A flow label describing values read from a user-controlled property that may not be functions.

NumberGuard

A guard that checks whether x is a number.

RemoteFlowSourceAsSource

DEPRECATED: Use ActiveThreatModelSource from Concepts instead!

Sanitizer

A sanitizer for unvalidated dynamic method calls.

Sink

A data flow sink for unvalidated dynamic method calls.

Source

A data flow source for unvalidated dynamic method calls.

Modules

FlowState

Predicates for working with flow states.