Module UnvalidatedDynamicMethodCall
Import path
import semmle.javascript.security.dataflow.UnvalidatedDynamicMethodCallCustomizations
Classes
CalleeAsSink | A function invocation of an unsafe function, as a sink for remote unvalidated dynamic method calls. |
DocumentUrlAsSource | The page URL considered as a flow source for unvalidated dynamic method calls. |
FunctionCheck | A check of the form |
MaybeFromProto | A flow label describing values read from a user-controlled property that may originate from a prototype object. |
MaybeNonFunction | A flow label describing values read from a user-controlled property that may not be functions. |
NumberGuard | A guard that checks whether |
RemoteFlowSourceAsSource | DEPRECATED: Use |
Sanitizer | A sanitizer for unvalidated dynamic method calls. |
Sink | A data flow sink for unvalidated dynamic method calls. |
Source | A data flow source for unvalidated dynamic method calls. |