CodeQL library for JavaScript
Search

Module UnvalidatedDynamicMethodCallQuery

Provides a taint-tracking configuration for reasoning about unvalidated dynamic method calls.

Note, for performance reasons: only import this file if UnvalidatedDynamicMethodCall::Configuration is needed, otherwise UnvalidatedDynamicMethodCallCustomizations should be imported instead.

Import path

import semmle.javascript.security.dataflow.UnvalidatedDynamicMethodCallQuery

Imports

Express

Provides classes for working with Express applications.

PropertyInjectionShared

Provides predicates for reasoning about flow of user-controlled values that are used as property names.

UnvalidatedDynamicMethodCall
javascript

Provides classes for working with JavaScript programs, as well as JSON, YAML and HTML.

Classes

Configuration

A taint-tracking configuration for reasoning about unvalidated dynamic method calls.