CodeQL library for JavaScript
codeql/javascript-all 0.6.2 ( changelog , source )
Search

Module UnvalidatedDynamicMethodCall

Import path

import semmle.javascript.security.dataflow.UnvalidatedDynamicMethodCallCustomizations

Classes

CalleeAsSink

A function invocation of an unsafe function, as a sink for remote unvalidated dynamic method calls.

DocumentUrlAsSource

The page URL considered as a flow source for unvalidated dynamic method calls.

FunctionCheck

A check of the form typeof x === 'function', which sanitizes away the MaybeNonFunction taint kind.

MaybeFromProto

A flow label describing values read from a user-controlled property that may originate from a prototype object.

MaybeNonFunction

A flow label describing values read from a user-controlled property that may not be functions.

NumberGuard

A guard that checks whether x is a number.

RemoteFlowSourceAsSource

A source of remote user input, considered as a source for unvalidated dynamic method calls.

Sanitizer

A sanitizer for unvalidated dynamic method calls. Override the sanitizes predicate to specify an edge that should be sanitized. The this value is not seen as a sanitizer.

Sink

A data flow sink for unvalidated dynamic method calls.

Source

A data flow source for unvalidated dynamic method calls.