From 1f7dda7fbc07864bb5a631becc050891ee616714 Mon Sep 17 00:00:00 2001
From: Erik Krogh Kristensen
Date: Thu, 6 Feb 2020 12:53:12 +0100
Subject: [PATCH 1/8] add dataflow barrier for if(xrandr)
---
 .../CWE-400/PrototypePollutionUtility.ql | 11 ---------
 .../javascript/dataflow/Configuration.qll | 15 ++++++++++++
 .../CWE-022/TaintedPath/TaintedPath.js | 24 +++++++++++++++++++
 3 files changed, 39 insertions(+), 11 deletions(-)

diff --git a/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql b/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
index 376e2e16f56..f27036c9369 100644
--- a/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
+++ b/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
@@ -348,17 +348,6 @@ class PropNameTracking extends DataFlow::Configuration {
 )
 }
 
- override predicate isBarrier(DataFlow::Node node) {
- super.isBarrier(node)
- or
- exists(ConditionGuardNode guard, SsaRefinementNode refinement |
- node = DataFlow::ssaDefinitionNode(refinement) and
- refinement.getGuard() = guard and
- guard.getTest() instanceof VarAccess and
- guard.getOutcome() = false
- )
- }
-
 override predicate isBarrierGuard(DataFlow::BarrierGuardNode node) {
 node instanceof BlacklistEqualityGuard or
 node instanceof WhitelistEqualityGuard or
diff --git a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
index f281a8aa23e..b35285d936d 100644
--- a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
@@ -1480,3 +1480,18 @@ private class AdditionalBarrierGuardCall extends AdditionalBarrierGuardNode, Dat
 
 override predicate appliesTo(Configuration cfg) { f.appliesTo(cfg) }
 }
+
+/** A check of the `if(x)`, which sanitizes `x` in its "else" branch. */
+private class VarAccessBarrierGuard extends AdditionalBarrierGuardNode, DataFlow::Node {
+ VarAccess var;
+
+ VarAccessBarrierGuard() {
+ var = this.getEnclosingExpr()
+ }
+
+ override predicate blocks(boolean outcome, Expr e) {
+ var = e and outcome = false
+ }
+
+ override predicate appliesTo(Configuration cfg) { any() }
+}
\ No newline at end of file
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js
index ece2d44a113..bba27255690 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js
@@ -114,3 +114,27 @@ var server = http.createServer(function(req, res) {
 );
 });
+
+var server = http.createServer(function(req, res) {
+ let path = url.parse(req.url, true).query.path;
+
+ if (path) { // sanitization
+ path = path.replace(/[\]\[*,;'"`<>\\?\/]/g, ''); // remove all invalid characters from states plus slashes
+ path = path.replace(/\.\./g, ''); // remove all ".."
+ }
+
+ res.write(fs.readFileSync(path)); // OK. Is sanitized above.
+});
+
+var server = http.createServer(function(req, res) {
+ let path = url.parse(req.url, true).query.path;
+
+ if (!path) {
+
+ } else { // sanitization
+ path = path.replace(/[\]\[*,;'"`<>\\?\/]/g, ''); // remove all invalid characters from states plus slashes
+ path = path.replace(/\.\./g, ''); // remove all ".."
+ }
+
+ res.write(fs.readFileSync(path)); // OK. Is sanitized above.
+});
From ade93e66e1b5a650cdb49527c33a29dbcdfa2a60 Mon Sep 17 00:00:00 2001
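Review bot: The doc comment on the new `VarAccessBarrierGuard` says which branch is sanitized but not the assumption that makes the barrier sound, and with `override predicate appliesTo(Configuration cfg) { any() }` that assumption is applied to every configuration. Because the guard node is the `VarAccess` itself (`var = this.getEnclosingExpr()`) and `blocks` holds only for `outcome = false`, the "else" branch is exactly where `x` is falsy, so the barrier is only correct for flows in which a falsy value (`undefined`, `null`, `""`, `0`, `NaN`, `false`) cannot do harm at the sink. I would make that explicit: `/** A check of the form `if(x)`, which sanitizes `x` in its "else" branch: `x` is falsy there, so this is only a barrier where a falsy value is harmless at the sink. */`. The reworded versions of this comment in PATCH 2/8 and PATCH 4/8 have the same gap. Whether a variable reference nested inside a larger test (`if (x.length)`) is also consulted as a guard depends on the `BarrierGuardNode` machinery outside this hunk.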
From: Erik Krogh Kristensen
Date: Thu, 6 Feb 2020 15:44:22 +0100
Subject: [PATCH 2/8] move the if(!x) from DataFLow to TaintTracking
---
 .../Security/CWE-400/PrototypePollutionUtility.ql | 3 ++-
 .../semmle/javascript/dataflow/Configuration.qll | 9 +++++----
 .../semmle/javascript/dataflow/TaintTracking.qll | 15 +++++++++++++++
 .../javascript/security/dataflow/TaintedPath.qll | 3 ++-
 4 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql b/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
index f27036c9369..6923b78d9d8 100644
--- a/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
+++ b/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
@@ -356,7 +356,8 @@ class PropNameTracking extends DataFlow::Configuration {
 node instanceof InstanceOfGuard or
 node instanceof TypeofGuard or
 node instanceof BlacklistInclusionGuard or
- node instanceof WhitelistInclusionGuard
+ node instanceof WhitelistInclusionGuard or
+ node instanceof DataFlow::VarAccessBarrierGuard
 }
 }
 
diff --git a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
index b35285d936d..6f9b78780f7 100644
--- a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
@@ -1481,8 +1481,11 @@ private class AdditionalBarrierGuardCall extends AdditionalBarrierGuardNode, Dat
 override predicate appliesTo(Configuration cfg) { f.appliesTo(cfg) }
 }
 
-/** A check of the `if(x)`, which sanitizes `x` in its "else" branch. */
-private class VarAccessBarrierGuard extends AdditionalBarrierGuardNode, DataFlow::Node {
+/**
+ * A check of the `if(x)`, which sanitizes `x` in its "else" branch.
+ * Can be added to a `isBarrierGuard` in a configuration to add the sanitization.
+ */
+class VarAccessBarrierGuard extends BarrierGuardNode, DataFlow::Node {
 VarAccess var;
 
 VarAccessBarrierGuard() {
@@ -1492,6 +1495,4 @@ private class VarAccessBarrierGuard extends AdditionalBarrierGuardNode, DataFlow
 override predicate blocks(boolean outcome, Expr e) {
 var = e and outcome = false
 }
-
- override predicate appliesTo(Configuration cfg) { any() }
 }
\ No newline at end of file
diff --git a/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
index be1df8bc7c2..fa573cf908a 100644
--- a/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
@@ -914,4 +914,19 @@ module TaintTracking {
 DataFlow::localFlowStep(pred, succ) or
 any(AdditionalTaintStep s).step(pred, succ)
 }
+
+ /** A check of the form `if(x)`, which sanitizes `x` in its "else" branch. */
+ private class VarAccessBarrierGuard extends AdditionalSanitizerGuardNode, DataFlow::Node {
+ DataFlow::VarAccessBarrierGuard guard;
+
+ VarAccessBarrierGuard() {
+ this = guard
+ }
+
+ override predicate sanitizes(boolean outcome, Expr e) {
+ guard.blocks(outcome, e)
+ }
+
+ override predicate appliesTo(Configuration cfg) { any() }
+ }
 }
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll
index b46f7d508f7..5e888b6e768 100644
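Review bot: `override predicate appliesTo(Configuration cfg) { any() }` on the new TaintTracking-side `VarAccessBarrierGuard` switches the falsy-branch sanitizer on for every taint-tracking configuration, and since the class is `private` it is not obvious how a query for which an empty string, `0` or `null` reaching the sink is itself the finding would opt out. If a global default is intended, the class comment should say so instead of repeating the DataFlow one, e.g. `/** A check of the form `if(x)`, which sanitizes `x` in its "else" branch. Registered for every taint-tracking configuration: a falsy value is assumed to be harmless at any taint sink. */`. The same commit removes `appliesTo` from `DataFlow::VarAccessBarrierGuard`, so plain data-flow configurations still opt in by name (as `PrototypePollutionUtility.ql` now does) while taint configurations get the guard unconditionally; that asymmetry deserves a sentence in one of the two comments.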
--- a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll
@@ -35,7 +35,8 @@ module TaintedPath {
 guard instanceof StartsWithDotDotSanitizer or
 guard instanceof StartsWithDirSanitizer or
 guard instanceof IsAbsoluteSanitizer or
- guard instanceof ContainsDotDotSanitizer
+ guard instanceof ContainsDotDotSanitizer or
+ guard instanceof DataFlow::VarAccessBarrierGuard
 }
 
 override predicate isAdditionalFlowStep(
From 28657230590823a8143aa8566dea202c70950a1b Mon Sep 17 00:00:00 2001
From: Erik Krogh Kristensen
Date: Thu, 6 Feb 2020 15:44:33 +0100
Subject: [PATCH 3/8] add test for new barrier
---
 .../TaintTracking/BasicTaintTracking.expected | 2 ++
 .../library-tests/TaintTracking/sanitizer-guards.js | 12 ++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
index 22c9a6c4576..097f3559794 100644
--- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
+++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
@@ -79,6 +79,8 @@ typeInferenceMismatch
 | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:45:8:45:8 | x |
 | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:48:10:48:10 | x |
 | sanitizer-guards.js:68:11:68:18 | source() | sanitizer-guards.js:75:8:75:8 | x |
+| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:81:8:81:8 | x |
+| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:84:10:84:10 | x |
 | spread.js:2:15:2:22 | source() | spread.js:4:8:4:19 | { ...taint } |
 | spread.js:2:15:2:22 | source() | spread.js:5:8:5:43 | { f: 'h ... orld' } |
 | spread.js:2:15:2:22 | source() | spread.js:7:8:7:19 | [ ...taint ] |
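Review bot: `guard instanceof DataFlow::VarAccessBarrierGuard` in the TaintedPath sanitizer-guard list appears redundant with the `AdditionalSanitizerGuardNode` the same commit adds in `TaintTracking.qll`, whose `appliesTo` is `any()`; if this configuration is a `TaintTracking::Configuration` (its class header is outside the hunk) the guard already applies here. With both in place, a later change to either one leaves the other silently deciding the behaviour, so I would either drop this line or annotate it: `guard instanceof DataFlow::VarAccessBarrierGuard // also registered for all taint configurations in TaintTracking.qll`. The enclosing predicate starts outside the hunk.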
diff --git a/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js b/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js
index 8549776d5dc..caae61eba6f 100644
--- a/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js
+++ b/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js
@@ -74,3 +74,15 @@ function phi2() {
 }
 sink(x); // NOT OK
 }
+
+function falsy() {
+ let x = source();
+
+ sink(x); // NOT OK
+
+ if (x) {
+ sink(x); // NOT OK
+ } else {
+ sink(x); // OK
+ }
+}
From 75f23a189deb6803849a58a31674cddc83a3ddd0 Mon Sep 17 00:00:00 2001
From: Erik Krogh Kristensen
Date: Thu, 6 Feb 2020 15:53:03 +0100
Subject: [PATCH 4/8] update docstring
Co-Authored-By: Asger F
---
 .../ql/src/semmle/javascript/dataflow/Configuration.qll | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
index 6f9b78780f7..873a1dbed6a 100644
--- a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
@@ -1482,7 +1482,7 @@ private class AdditionalBarrierGuardCall extends AdditionalBarrierGuardNode, Dat
 }
 
 /**
- * A check of the `if(x)`, which sanitizes `x` in its "else" branch.
+ * A check of the form `if(x)`, which sanitizes `x` in its "else" branch.
 * Can be added to a `isBarrierGuard` in a configuration to add the sanitization.
 */
 class VarAccessBarrierGuard extends BarrierGuardNode, DataFlow::Node {
@@ -1495,4 +1495,4 @@ class VarAccessBarrierGuard extends BarrierGuardNode, DataFlow::Node {
 override predicate blocks(boolean outcome, Expr e) {
 var = e and outcome = false
 }
-}
\ No newline at end of file
+}
From 1ece6b9afecf351ae9f911ac49c535032116415d Mon Sep 17 00:00:00 2001
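Review bot: The new `falsy()` test only exercises the positive form `if (x) … else …`; the negated form `if (!x)` is covered only by the `TaintedPath.js` query test in PATCH 1/8, where the `else` branch is also rewritten by `replace`, so that test cannot tell whether the negation is what makes the falsy branch sanitized. A library-level case for `if (!x)` and for the short-circuit forms `x || sink(x)` and `x && sink(x)` would pin down how far the guard reaches. The `// OK` / `// NOT OK` annotations below state the intended result; if the guard framework does not fold `!` or `||`/`&&` into the condition (not visible in this series), the mismatch against `BasicTaintTracking.expected` would show it.
```javascript
function falsy2() {
  let x = source();

  if (!x) {
    sink(x); // OK
  } else {
    sink(x); // NOT OK
  }

  x || sink(x); // OK
  x && sink(x); // NOT OK
}
```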
From: Erik Krogh Kristensen
Date: Fri, 7 Feb 2020 12:55:42 +0100
Subject: [PATCH 5/8] update expected output of tests
---
 .../TaintBarriers/SanitizingGuard.expected | 351 ++++++++++++++++++
 .../TaintTracking/DataFlowTracking.expected | 3 +
 .../TaintTracking/sanitizer-guards.js | 4 +-
 3 files changed, 356 insertions(+), 2 deletions(-)

diff --git a/javascript/ql/test/library-tests/TaintBarriers/SanitizingGuard.expected b/javascript/ql/test/library-tests/TaintBarriers/SanitizingGuard.expected
index cf568e8c593..d09005ef78b 100644
--- a/javascript/ql/test/library-tests/TaintBarriers/SanitizingGuard.expected
+++ b/javascript/ql/test/library-tests/TaintBarriers/SanitizingGuard.expected
@@ -1,68 +1,419 @@ +| tst.js:2:13:2:18 | SOURCE | ExampleConfiguration | false | tst.js:2:13:2:18 | SOURCE | +| tst.js:3:5:3:8 | SINK | ExampleConfiguration | false | tst.js:3:5:3:8 | SINK | +| tst.js:3:10:3:10 | v | ExampleConfiguration | false | tst.js:3:10:3:10 | v | | tst.js:5:9:5:21 | /^x$/.test(v) | ExampleConfiguration | true | tst.js:5:20:5:20 | v | +| tst.js:5:20:5:20 | v | ExampleConfiguration | false | tst.js:5:20:5:20 | v | +| tst.js:6:9:6:12 | SINK | ExampleConfiguration | false | tst.js:6:9:6:12 | SINK | +| tst.js:6:14:6:14 | v | ExampleConfiguration | false | tst.js:6:14:6:14 | v | +| tst.js:8:9:8:12 | SINK | ExampleConfiguration | false | tst.js:8:9:8:12 | SINK | +| tst.js:8:14:8:14 | v | ExampleConfiguration | false | tst.js:8:14:8:14 | v | +| tst.js:11:9:11:9 | v | ExampleConfiguration | false | tst.js:11:9:11:9 | v | | tst.js:11:9:11:25 | v.match(/[^a-z]/) | ExampleConfiguration | false | tst.js:11:9:11:9 | v | +| tst.js:12:9:12:12 | SINK | ExampleConfiguration | false | tst.js:12:9:12:12 | SINK | +| tst.js:12:14:12:14 | v | ExampleConfiguration | false | tst.js:12:14:12:14 | v | +| tst.js:14:9:14:12 | SINK | ExampleConfiguration | false | tst.js:14:9:14:12 | SINK | +| tst.js:14:14:14:14 | v | ExampleConfiguration | false | tst.js:14:14:14:14 | v | +| tst.js:20:13:20:18 | SOURCE | ExampleConfiguration | false | tst.js:20:13:20:18 | SOURCE | +| tst.js:21:5:21:8 | SINK | ExampleConfiguration | false | tst.js:21:5:21:8 | SINK | +| tst.js:21:10:21:10 | v | ExampleConfiguration | false | tst.js:21:10:21:10 | v | +| tst.js:23:9:23:9 | o | ExampleConfiguration | false | tst.js:23:9:23:9 | o | | tst.js:23:9:23:27 | o.hasOwnProperty(v) | ExampleConfiguration | true | tst.js:23:26:23:26 | v | +| tst.js:23:26:23:26 | v | ExampleConfiguration | false | tst.js:23:26:23:26 | v | +| tst.js:24:9:24:12 | SINK | ExampleConfiguration | false | tst.js:24:9:24:12 | SINK | +| tst.js:24:14:24:14 | v | ExampleConfiguration | false | tst.js:24:14:24:14 | v | +| 
tst.js:26:9:26:12 | SINK | ExampleConfiguration | false | tst.js:26:9:26:12 | SINK | +| tst.js:26:14:26:14 | v | ExampleConfiguration | false | tst.js:26:14:26:14 | v | +| tst.js:32:13:32:18 | SOURCE | ExampleConfiguration | false | tst.js:32:13:32:18 | SOURCE | +| tst.js:33:5:33:8 | SINK | ExampleConfiguration | false | tst.js:33:5:33:8 | SINK | +| tst.js:33:10:33:10 | v | ExampleConfiguration | false | tst.js:33:10:33:10 | v | +| tst.js:35:9:35:9 | v | ExampleConfiguration | false | tst.js:35:9:35:9 | v | | tst.js:35:9:35:14 | v in o | ExampleConfiguration | true | tst.js:35:9:35:9 | v | +| tst.js:35:14:35:14 | o | ExampleConfiguration | false | tst.js:35:14:35:14 | o | +| tst.js:36:9:36:12 | SINK | ExampleConfiguration | false | tst.js:36:9:36:12 | SINK | +| tst.js:36:14:36:14 | v | ExampleConfiguration | false | tst.js:36:14:36:14 | v | +| tst.js:38:9:38:12 | SINK | ExampleConfiguration | false | tst.js:38:9:38:12 | SINK | +| tst.js:38:14:38:14 | v | ExampleConfiguration | false | tst.js:38:14:38:14 | v | +| tst.js:44:13:44:18 | SOURCE | ExampleConfiguration | false | tst.js:44:13:44:18 | SOURCE | +| tst.js:45:5:45:8 | SINK | ExampleConfiguration | false | tst.js:45:5:45:8 | SINK | +| tst.js:45:10:45:10 | v | ExampleConfiguration | false | tst.js:45:10:45:10 | v | +| tst.js:47:9:47:9 | o | ExampleConfiguration | false | tst.js:47:9:47:9 | o | | tst.js:47:9:47:25 | o[v] == undefined | ExampleConfiguration | false | tst.js:47:11:47:11 | v | | tst.js:47:9:47:25 | o[v] == undefined | ExampleConfiguration | true | tst.js:47:9:47:12 | o[v] | +| tst.js:47:11:47:11 | v | ExampleConfiguration | false | tst.js:47:11:47:11 | v | +| tst.js:47:17:47:25 | undefined | ExampleConfiguration | false | tst.js:47:17:47:25 | undefined | +| tst.js:48:9:48:12 | SINK | ExampleConfiguration | false | tst.js:48:9:48:12 | SINK | +| tst.js:48:14:48:14 | v | ExampleConfiguration | false | tst.js:48:14:48:14 | v | +| tst.js:50:9:50:12 | SINK | ExampleConfiguration | false | 
tst.js:50:9:50:12 | SINK | +| tst.js:50:14:50:14 | v | ExampleConfiguration | false | tst.js:50:14:50:14 | v | +| tst.js:53:9:53:17 | undefined | ExampleConfiguration | false | tst.js:53:9:53:17 | undefined | | tst.js:53:9:53:26 | undefined === o[v] | ExampleConfiguration | false | tst.js:53:25:53:25 | v | | tst.js:53:9:53:26 | undefined === o[v] | ExampleConfiguration | true | tst.js:53:23:53:26 | o[v] | +| tst.js:53:23:53:23 | o | ExampleConfiguration | false | tst.js:53:23:53:23 | o | +| tst.js:53:25:53:25 | v | ExampleConfiguration | false | tst.js:53:25:53:25 | v | +| tst.js:54:9:54:12 | SINK | ExampleConfiguration | false | tst.js:54:9:54:12 | SINK | +| tst.js:54:14:54:14 | v | ExampleConfiguration | false | tst.js:54:14:54:14 | v | +| tst.js:56:9:56:12 | SINK | ExampleConfiguration | false | tst.js:56:9:56:12 | SINK | +| tst.js:56:14:56:14 | v | ExampleConfiguration | false | tst.js:56:14:56:14 | v | +| tst.js:59:9:59:9 | o | ExampleConfiguration | false | tst.js:59:9:59:9 | o | | tst.js:59:9:59:26 | o[v] !== undefined | ExampleConfiguration | false | tst.js:59:9:59:12 | o[v] | | tst.js:59:9:59:26 | o[v] !== undefined | ExampleConfiguration | true | tst.js:59:11:59:11 | v | +| tst.js:59:11:59:11 | v | ExampleConfiguration | false | tst.js:59:11:59:11 | v | +| tst.js:59:18:59:26 | undefined | ExampleConfiguration | false | tst.js:59:18:59:26 | undefined | +| tst.js:60:9:60:12 | SINK | ExampleConfiguration | false | tst.js:60:9:60:12 | SINK | +| tst.js:60:14:60:14 | v | ExampleConfiguration | false | tst.js:60:14:60:14 | v | +| tst.js:62:9:62:12 | SINK | ExampleConfiguration | false | tst.js:62:9:62:12 | SINK | +| tst.js:62:14:62:14 | v | ExampleConfiguration | false | tst.js:62:14:62:14 | v | +| tst.js:68:13:68:18 | SOURCE | ExampleConfiguration | false | tst.js:68:13:68:18 | SOURCE | +| tst.js:69:5:69:8 | SINK | ExampleConfiguration | false | tst.js:69:5:69:8 | SINK | +| tst.js:69:10:69:10 | v | ExampleConfiguration | false | tst.js:69:10:69:10 | v | +| 
tst.js:71:9:71:9 | o | ExampleConfiguration | false | tst.js:71:9:71:9 | o | | tst.js:71:9:71:26 | o.indexOf(v) == -1 | ExampleConfiguration | false | tst.js:71:19:71:19 | v | | tst.js:71:9:71:26 | o.indexOf(v) == -1 | ExampleConfiguration | true | tst.js:71:9:71:20 | o.indexOf(v) | +| tst.js:71:19:71:19 | v | ExampleConfiguration | false | tst.js:71:19:71:19 | v | +| tst.js:72:9:72:12 | SINK | ExampleConfiguration | false | tst.js:72:9:72:12 | SINK | +| tst.js:72:14:72:14 | v | ExampleConfiguration | false | tst.js:72:14:72:14 | v | +| tst.js:74:9:74:12 | SINK | ExampleConfiguration | false | tst.js:74:9:74:12 | SINK | +| tst.js:74:14:74:14 | v | ExampleConfiguration | false | tst.js:74:14:74:14 | v | | tst.js:77:9:77:27 | -1 === o.indexOf(v) | ExampleConfiguration | false | tst.js:77:26:77:26 | v | | tst.js:77:9:77:27 | -1 === o.indexOf(v) | ExampleConfiguration | true | tst.js:77:16:77:27 | o.indexOf(v) | +| tst.js:77:16:77:16 | o | ExampleConfiguration | false | tst.js:77:16:77:16 | o | +| tst.js:77:26:77:26 | v | ExampleConfiguration | false | tst.js:77:26:77:26 | v | +| tst.js:78:9:78:12 | SINK | ExampleConfiguration | false | tst.js:78:9:78:12 | SINK | +| tst.js:78:14:78:14 | v | ExampleConfiguration | false | tst.js:78:14:78:14 | v | +| tst.js:80:9:80:12 | SINK | ExampleConfiguration | false | tst.js:80:9:80:12 | SINK | +| tst.js:80:14:80:14 | v | ExampleConfiguration | false | tst.js:80:14:80:14 | v | +| tst.js:83:9:83:9 | o | ExampleConfiguration | false | tst.js:83:9:83:9 | o | | tst.js:83:9:83:27 | o.indexOf(v) !== -1 | ExampleConfiguration | false | tst.js:83:9:83:20 | o.indexOf(v) | | tst.js:83:9:83:27 | o.indexOf(v) !== -1 | ExampleConfiguration | true | tst.js:83:19:83:19 | v | +| tst.js:83:19:83:19 | v | ExampleConfiguration | false | tst.js:83:19:83:19 | v | +| tst.js:84:9:84:12 | SINK | ExampleConfiguration | false | tst.js:84:9:84:12 | SINK | +| tst.js:84:14:84:14 | v | ExampleConfiguration | false | tst.js:84:14:84:14 | v | +| tst.js:86:9:86:12 
| SINK | ExampleConfiguration | false | tst.js:86:9:86:12 | SINK | +| tst.js:86:14:86:14 | v | ExampleConfiguration | false | tst.js:86:14:86:14 | v | +| tst.js:92:13:92:18 | SOURCE | ExampleConfiguration | false | tst.js:92:13:92:18 | SOURCE | +| tst.js:93:5:93:8 | SINK | ExampleConfiguration | false | tst.js:93:5:93:8 | SINK | +| tst.js:93:10:93:10 | v | ExampleConfiguration | false | tst.js:93:10:93:10 | v | +| tst.js:95:9:95:9 | o | ExampleConfiguration | false | tst.js:95:9:95:9 | o | | tst.js:95:9:95:21 | o.contains(v) | ExampleConfiguration | true | tst.js:95:20:95:20 | v | +| tst.js:95:20:95:20 | v | ExampleConfiguration | false | tst.js:95:20:95:20 | v | +| tst.js:96:9:96:12 | SINK | ExampleConfiguration | false | tst.js:96:9:96:12 | SINK | +| tst.js:96:14:96:14 | v | ExampleConfiguration | false | tst.js:96:14:96:14 | v | +| tst.js:98:9:98:12 | SINK | ExampleConfiguration | false | tst.js:98:9:98:12 | SINK | +| tst.js:98:14:98:14 | v | ExampleConfiguration | false | tst.js:98:14:98:14 | v | +| tst.js:104:13:104:18 | SOURCE | ExampleConfiguration | false | tst.js:104:13:104:18 | SOURCE | +| tst.js:105:5:105:8 | SINK | ExampleConfiguration | false | tst.js:105:5:105:8 | SINK | +| tst.js:105:10:105:10 | v | ExampleConfiguration | false | tst.js:105:10:105:10 | v | +| tst.js:107:9:107:9 | o | ExampleConfiguration | false | tst.js:107:9:107:9 | o | | tst.js:107:9:107:16 | o.has(v) | ExampleConfiguration | true | tst.js:107:15:107:15 | v | +| tst.js:107:15:107:15 | v | ExampleConfiguration | false | tst.js:107:15:107:15 | v | +| tst.js:108:9:108:12 | SINK | ExampleConfiguration | false | tst.js:108:9:108:12 | SINK | +| tst.js:108:14:108:14 | v | ExampleConfiguration | false | tst.js:108:14:108:14 | v | +| tst.js:110:9:110:12 | SINK | ExampleConfiguration | false | tst.js:110:9:110:12 | SINK | +| tst.js:110:14:110:14 | v | ExampleConfiguration | false | tst.js:110:14:110:14 | v | +| tst.js:116:13:116:18 | SOURCE | ExampleConfiguration | false | 
tst.js:116:13:116:18 | SOURCE | +| tst.js:117:5:117:8 | SINK | ExampleConfiguration | false | tst.js:117:5:117:8 | SINK | +| tst.js:117:10:117:10 | v | ExampleConfiguration | false | tst.js:117:10:117:10 | v | +| tst.js:119:9:119:9 | o | ExampleConfiguration | false | tst.js:119:9:119:9 | o | | tst.js:119:9:119:21 | o.includes(v) | ExampleConfiguration | true | tst.js:119:20:119:20 | v | +| tst.js:119:20:119:20 | v | ExampleConfiguration | false | tst.js:119:20:119:20 | v | +| tst.js:120:9:120:12 | SINK | ExampleConfiguration | false | tst.js:120:9:120:12 | SINK | +| tst.js:120:14:120:14 | v | ExampleConfiguration | false | tst.js:120:14:120:14 | v | +| tst.js:122:9:122:12 | SINK | ExampleConfiguration | false | tst.js:122:9:122:12 | SINK | +| tst.js:122:14:122:14 | v | ExampleConfiguration | false | tst.js:122:14:122:14 | v | +| tst.js:128:13:128:18 | SOURCE | ExampleConfiguration | false | tst.js:128:13:128:18 | SOURCE | +| tst.js:129:5:129:8 | SINK | ExampleConfiguration | false | tst.js:129:5:129:8 | SINK | +| tst.js:129:10:129:10 | v | ExampleConfiguration | false | tst.js:129:10:129:10 | v | +| tst.js:131:9:131:9 | o | ExampleConfiguration | false | tst.js:131:9:131:9 | o | | tst.js:131:9:131:27 | o.hasOwnProperty(v) | ExampleConfiguration | true | tst.js:131:26:131:26 | v | +| tst.js:131:26:131:26 | v | ExampleConfiguration | false | tst.js:131:26:131:26 | v | +| tst.js:132:9:132:12 | SINK | ExampleConfiguration | false | tst.js:132:9:132:12 | SINK | +| tst.js:132:14:132:14 | v | ExampleConfiguration | false | tst.js:132:14:132:14 | v | +| tst.js:133:16:133:16 | o | ExampleConfiguration | false | tst.js:133:16:133:16 | o | | tst.js:133:16:133:36 | o.hasOw ... 
ty(v.p) | ExampleConfiguration | true | tst.js:133:33:133:35 | v.p | +| tst.js:133:33:133:33 | v | ExampleConfiguration | false | tst.js:133:33:133:33 | v | +| tst.js:134:9:134:12 | SINK | ExampleConfiguration | false | tst.js:134:9:134:12 | SINK | +| tst.js:134:14:134:14 | v | ExampleConfiguration | false | tst.js:134:14:134:14 | v | +| tst.js:135:16:135:16 | o | ExampleConfiguration | false | tst.js:135:16:135:16 | o | | tst.js:135:16:135:38 | o.hasOw ... (v.p.q) | ExampleConfiguration | true | tst.js:135:33:135:37 | v.p.q | +| tst.js:135:33:135:33 | v | ExampleConfiguration | false | tst.js:135:33:135:33 | v | +| tst.js:136:9:136:12 | SINK | ExampleConfiguration | false | tst.js:136:9:136:12 | SINK | +| tst.js:136:14:136:14 | v | ExampleConfiguration | false | tst.js:136:14:136:14 | v | +| tst.js:137:16:137:16 | o | ExampleConfiguration | false | tst.js:137:16:137:16 | o | | tst.js:137:16:137:36 | o.hasOw ... ty(v.p) | ExampleConfiguration | true | tst.js:137:33:137:35 | v.p | +| tst.js:137:33:137:33 | v | ExampleConfiguration | false | tst.js:137:33:137:33 | v | +| tst.js:138:9:138:12 | SINK | ExampleConfiguration | false | tst.js:138:9:138:12 | SINK | +| tst.js:138:14:138:14 | v | ExampleConfiguration | false | tst.js:138:14:138:14 | v | +| tst.js:139:16:139:16 | o | ExampleConfiguration | false | tst.js:139:16:139:16 | o | | tst.js:139:16:139:41 | o.hasOw ... 
"p.q"]) | ExampleConfiguration | true | tst.js:139:33:139:40 | v["p.q"] | +| tst.js:139:33:139:33 | v | ExampleConfiguration | false | tst.js:139:33:139:33 | v | +| tst.js:140:9:140:12 | SINK | ExampleConfiguration | false | tst.js:140:9:140:12 | SINK | +| tst.js:140:14:140:14 | v | ExampleConfiguration | false | tst.js:140:14:140:14 | v | +| tst.js:145:13:145:18 | SOURCE | ExampleConfiguration | false | tst.js:145:13:145:18 | SOURCE | +| tst.js:146:5:146:8 | SINK | ExampleConfiguration | false | tst.js:146:5:146:8 | SINK | +| tst.js:146:10:146:10 | v | ExampleConfiguration | false | tst.js:146:10:146:10 | v | +| tst.js:148:9:148:9 | v | ExampleConfiguration | false | tst.js:148:9:148:9 | v | | tst.js:148:9:148:27 | v == "white-listed" | ExampleConfiguration | true | tst.js:148:9:148:9 | v | | tst.js:148:9:148:27 | v == "white-listed" | ExampleConfiguration | true | tst.js:148:14:148:27 | "white-listed" | +| tst.js:149:9:149:12 | SINK | ExampleConfiguration | false | tst.js:149:9:149:12 | SINK | +| tst.js:149:14:149:14 | v | ExampleConfiguration | false | tst.js:149:14:149:14 | v | +| tst.js:151:9:151:12 | SINK | ExampleConfiguration | false | tst.js:151:9:151:12 | SINK | +| tst.js:151:14:151:14 | v | ExampleConfiguration | false | tst.js:151:14:151:14 | v | | tst.js:154:9:154:27 | "white-listed" != v | ExampleConfiguration | false | tst.js:154:9:154:22 | "white-listed" | | tst.js:154:9:154:27 | "white-listed" != v | ExampleConfiguration | false | tst.js:154:27:154:27 | v | +| tst.js:154:27:154:27 | v | ExampleConfiguration | false | tst.js:154:27:154:27 | v | +| tst.js:155:9:155:12 | SINK | ExampleConfiguration | false | tst.js:155:9:155:12 | SINK | +| tst.js:155:14:155:14 | v | ExampleConfiguration | false | tst.js:155:14:155:14 | v | +| tst.js:157:9:157:12 | SINK | ExampleConfiguration | false | tst.js:157:9:157:12 | SINK | +| tst.js:157:14:157:14 | v | ExampleConfiguration | false | tst.js:157:14:157:14 | v | +| tst.js:160:9:160:9 | v | ExampleConfiguration | 
false | tst.js:160:9:160:9 | v | | tst.js:160:9:160:30 | v === " ... sted-1" | ExampleConfiguration | true | tst.js:160:9:160:9 | v | | tst.js:160:9:160:30 | v === " ... sted-1" | ExampleConfiguration | true | tst.js:160:15:160:30 | "white-listed-1" | +| tst.js:160:35:160:35 | v | ExampleConfiguration | false | tst.js:160:35:160:35 | v | | tst.js:160:35:160:56 | v === " ... sted-2" | ExampleConfiguration | true | tst.js:160:35:160:35 | v | | tst.js:160:35:160:56 | v === " ... sted-2" | ExampleConfiguration | true | tst.js:160:41:160:56 | "white-listed-2" | +| tst.js:161:9:161:12 | SINK | ExampleConfiguration | false | tst.js:161:9:161:12 | SINK | +| tst.js:161:14:161:14 | v | ExampleConfiguration | false | tst.js:161:14:161:14 | v | +| tst.js:163:9:163:12 | SINK | ExampleConfiguration | false | tst.js:163:9:163:12 | SINK | +| tst.js:163:14:163:14 | v | ExampleConfiguration | false | tst.js:163:14:163:14 | v | +| tst.js:166:9:166:9 | v | ExampleConfiguration | false | tst.js:166:9:166:9 | v | | tst.js:166:9:166:16 | v == !!0 | ExampleConfiguration | true | tst.js:166:9:166:9 | v | | tst.js:166:9:166:16 | v == !!0 | ExampleConfiguration | true | tst.js:166:14:166:16 | !!0 | +| tst.js:167:9:167:12 | SINK | ExampleConfiguration | false | tst.js:167:9:167:12 | SINK | +| tst.js:167:14:167:14 | v | ExampleConfiguration | false | tst.js:167:14:167:14 | v | +| tst.js:169:9:169:12 | SINK | ExampleConfiguration | false | tst.js:169:9:169:12 | SINK | +| tst.js:169:14:169:14 | v | ExampleConfiguration | false | tst.js:169:14:169:14 | v | +| tst.js:174:34:174:34 | x | ExampleConfiguration | false | tst.js:174:34:174:34 | x | +| tst.js:175:13:175:18 | SOURCE | ExampleConfiguration | false | tst.js:175:13:175:18 | SOURCE | +| tst.js:176:5:176:5 | v | ExampleConfiguration | false | tst.js:176:5:176:5 | v | +| tst.js:176:9:176:16 | SANITIZE | ExampleConfiguration | false | tst.js:176:9:176:16 | SANITIZE | +| tst.js:176:18:176:18 | v | ExampleConfiguration | false | 
tst.js:176:18:176:18 | v | +| tst.js:177:5:177:8 | SINK | ExampleConfiguration | false | tst.js:177:5:177:8 | SINK | +| tst.js:177:10:177:10 | v | ExampleConfiguration | false | tst.js:177:10:177:10 | v | +| tst.js:181:13:181:18 | SOURCE | ExampleConfiguration | false | tst.js:181:13:181:18 | SOURCE | +| tst.js:182:5:182:8 | SINK | ExampleConfiguration | false | tst.js:182:5:182:8 | SINK | +| tst.js:182:10:182:10 | v | ExampleConfiguration | false | tst.js:182:10:182:10 | v | | tst.js:184:9:184:21 | ~o.indexOf(v) | ExampleConfiguration | true | tst.js:184:20:184:20 | v | +| tst.js:184:10:184:10 | o | ExampleConfiguration | false | tst.js:184:10:184:10 | o | +| tst.js:184:20:184:20 | v | ExampleConfiguration | false | tst.js:184:20:184:20 | v | +| tst.js:185:9:185:12 | SINK | ExampleConfiguration | false | tst.js:185:9:185:12 | SINK | +| tst.js:185:14:185:14 | v | ExampleConfiguration | false | tst.js:185:14:185:14 | v | +| tst.js:187:9:187:12 | SINK | ExampleConfiguration | false | tst.js:187:9:187:12 | SINK | +| tst.js:187:14:187:14 | v | ExampleConfiguration | false | tst.js:187:14:187:14 | v | | tst.js:190:10:190:22 | ~o.indexOf(v) | ExampleConfiguration | true | tst.js:190:21:190:21 | v | +| tst.js:190:11:190:11 | o | ExampleConfiguration | false | tst.js:190:11:190:11 | o | +| tst.js:190:21:190:21 | v | ExampleConfiguration | false | tst.js:190:21:190:21 | v | +| tst.js:191:9:191:12 | SINK | ExampleConfiguration | false | tst.js:191:9:191:12 | SINK | +| tst.js:191:14:191:14 | v | ExampleConfiguration | false | tst.js:191:14:191:14 | v | +| tst.js:193:9:193:12 | SINK | ExampleConfiguration | false | tst.js:193:9:193:12 | SINK | +| tst.js:193:14:193:14 | v | ExampleConfiguration | false | tst.js:193:14:193:14 | v | +| tst.js:199:13:199:18 | SOURCE | ExampleConfiguration | false | tst.js:199:13:199:18 | SOURCE | +| tst.js:200:5:200:8 | SINK | ExampleConfiguration | false | tst.js:200:5:200:8 | SINK | +| tst.js:200:10:200:10 | v | ExampleConfiguration | false | 
tst.js:200:10:200:10 | v | +| tst.js:202:9:202:9 | o | ExampleConfiguration | false | tst.js:202:9:202:9 | o | | tst.js:202:9:202:26 | o.indexOf(v) <= -1 | ExampleConfiguration | false | tst.js:202:19:202:19 | v | +| tst.js:202:19:202:19 | v | ExampleConfiguration | false | tst.js:202:19:202:19 | v | +| tst.js:203:9:203:12 | SINK | ExampleConfiguration | false | tst.js:203:9:203:12 | SINK | +| tst.js:203:14:203:14 | v | ExampleConfiguration | false | tst.js:203:14:203:14 | v | +| tst.js:205:9:205:12 | SINK | ExampleConfiguration | false | tst.js:205:9:205:12 | SINK | +| tst.js:205:14:205:14 | v | ExampleConfiguration | false | tst.js:205:14:205:14 | v | +| tst.js:208:9:208:9 | o | ExampleConfiguration | false | tst.js:208:9:208:9 | o | | tst.js:208:9:208:25 | o.indexOf(v) >= 0 | ExampleConfiguration | true | tst.js:208:19:208:19 | v | +| tst.js:208:19:208:19 | v | ExampleConfiguration | false | tst.js:208:19:208:19 | v | +| tst.js:209:9:209:12 | SINK | ExampleConfiguration | false | tst.js:209:9:209:12 | SINK | +| tst.js:209:14:209:14 | v | ExampleConfiguration | false | tst.js:209:14:209:14 | v | +| tst.js:211:9:211:12 | SINK | ExampleConfiguration | false | tst.js:211:9:211:12 | SINK | +| tst.js:211:14:211:14 | v | ExampleConfiguration | false | tst.js:211:14:211:14 | v | +| tst.js:214:9:214:9 | o | ExampleConfiguration | false | tst.js:214:9:214:9 | o | | tst.js:214:9:214:24 | o.indexOf(v) < 0 | ExampleConfiguration | false | tst.js:214:19:214:19 | v | +| tst.js:214:19:214:19 | v | ExampleConfiguration | false | tst.js:214:19:214:19 | v | +| tst.js:215:9:215:12 | SINK | ExampleConfiguration | false | tst.js:215:9:215:12 | SINK | +| tst.js:215:14:215:14 | v | ExampleConfiguration | false | tst.js:215:14:215:14 | v | +| tst.js:217:9:217:12 | SINK | ExampleConfiguration | false | tst.js:217:9:217:12 | SINK | +| tst.js:217:14:217:14 | v | ExampleConfiguration | false | tst.js:217:14:217:14 | v | +| tst.js:220:9:220:9 | o | ExampleConfiguration | false | 
tst.js:220:9:220:9 | o | | tst.js:220:9:220:25 | o.indexOf(v) > -1 | ExampleConfiguration | true | tst.js:220:19:220:19 | v | +| tst.js:220:19:220:19 | v | ExampleConfiguration | false | tst.js:220:19:220:19 | v | +| tst.js:221:9:221:12 | SINK | ExampleConfiguration | false | tst.js:221:9:221:12 | SINK | +| tst.js:221:14:221:14 | v | ExampleConfiguration | false | tst.js:221:14:221:14 | v | +| tst.js:223:9:223:12 | SINK | ExampleConfiguration | false | tst.js:223:9:223:12 | SINK | +| tst.js:223:14:223:14 | v | ExampleConfiguration | false | tst.js:223:14:223:14 | v | | tst.js:226:9:226:26 | -1 >= o.indexOf(v) | ExampleConfiguration | false | tst.js:226:25:226:25 | v | +| tst.js:226:15:226:15 | o | ExampleConfiguration | false | tst.js:226:15:226:15 | o | +| tst.js:226:25:226:25 | v | ExampleConfiguration | false | tst.js:226:25:226:25 | v | +| tst.js:227:9:227:12 | SINK | ExampleConfiguration | false | tst.js:227:9:227:12 | SINK | +| tst.js:227:14:227:14 | v | ExampleConfiguration | false | tst.js:227:14:227:14 | v | +| tst.js:229:9:229:12 | SINK | ExampleConfiguration | false | tst.js:229:9:229:12 | SINK | +| tst.js:229:14:229:14 | v | ExampleConfiguration | false | tst.js:229:14:229:14 | v | +| tst.js:235:13:235:18 | SOURCE | ExampleConfiguration | false | tst.js:235:13:235:18 | SOURCE | +| tst.js:236:9:236:21 | isWhitelisted | ExampleConfiguration | false | tst.js:236:9:236:21 | isWhitelisted | | tst.js:236:9:236:24 | isWhitelisted(v) | ExampleConfiguration | true | tst.js:236:23:236:23 | v | +| tst.js:236:23:236:23 | v | ExampleConfiguration | false | tst.js:236:23:236:23 | v | +| tst.js:237:9:237:12 | SINK | ExampleConfiguration | false | tst.js:237:9:237:12 | SINK | +| tst.js:237:14:237:14 | v | ExampleConfiguration | false | tst.js:237:14:237:14 | v | +| tst.js:239:9:239:12 | SINK | ExampleConfiguration | false | tst.js:239:9:239:12 | SINK | +| tst.js:239:14:239:14 | v | ExampleConfiguration | false | tst.js:239:14:239:14 | v | +| tst.js:240:9:240:14 | 
config | ExampleConfiguration | false | tst.js:240:9:240:14 | config | | tst.js:240:9:240:28 | config.allowValue(v) | ExampleConfiguration | true | tst.js:240:27:240:27 | v | +| tst.js:240:27:240:27 | v | ExampleConfiguration | false | tst.js:240:27:240:27 | v | +| tst.js:241:9:241:12 | SINK | ExampleConfiguration | false | tst.js:241:9:241:12 | SINK | +| tst.js:241:14:241:14 | v | ExampleConfiguration | false | tst.js:241:14:241:14 | v | +| tst.js:243:9:243:12 | SINK | ExampleConfiguration | false | tst.js:243:9:243:12 | SINK | +| tst.js:243:14:243:14 | v | ExampleConfiguration | false | tst.js:243:14:243:14 | v | +| tst.js:248:13:248:18 | SOURCE | ExampleConfiguration | false | tst.js:248:13:248:18 | SOURCE | +| tst.js:249:5:249:8 | SINK | ExampleConfiguration | false | tst.js:249:5:249:8 | SINK | +| tst.js:249:10:249:10 | v | ExampleConfiguration | false | tst.js:249:10:249:10 | v | +| tst.js:252:16:252:24 | whitelist | ExampleConfiguration | false | tst.js:252:16:252:24 | whitelist | | tst.js:252:16:252:36 | whiteli ... ains(x) | ExampleConfiguration | true | tst.js:252:35:252:35 | x | +| tst.js:252:35:252:35 | x | ExampleConfiguration | false | tst.js:252:35:252:35 | x | +| tst.js:254:9:254:9 | f | ExampleConfiguration | false | tst.js:254:9:254:9 | f | +| tst.js:254:11:254:11 | v | ExampleConfiguration | false | tst.js:254:11:254:11 | v | +| tst.js:255:9:255:12 | SINK | ExampleConfiguration | false | tst.js:255:9:255:12 | SINK | +| tst.js:255:14:255:14 | v | ExampleConfiguration | false | tst.js:255:14:255:14 | v | +| tst.js:257:9:257:12 | SINK | ExampleConfiguration | false | tst.js:257:9:257:12 | SINK | +| tst.js:257:14:257:14 | v | ExampleConfiguration | false | tst.js:257:14:257:14 | v | +| tst.js:261:25:261:33 | whitelist | ExampleConfiguration | false | tst.js:261:25:261:33 | whitelist | | tst.js:261:25:261:45 | whiteli ... 
ains(y) | ExampleConfiguration | true | tst.js:261:44:261:44 | y | +| tst.js:261:44:261:44 | y | ExampleConfiguration | false | tst.js:261:44:261:44 | y | +| tst.js:262:16:262:24 | sanitized | ExampleConfiguration | false | tst.js:262:16:262:24 | sanitized | +| tst.js:264:9:264:9 | g | ExampleConfiguration | false | tst.js:264:9:264:9 | g | +| tst.js:264:11:264:11 | v | ExampleConfiguration | false | tst.js:264:11:264:11 | v | +| tst.js:265:9:265:12 | SINK | ExampleConfiguration | false | tst.js:265:9:265:12 | SINK | +| tst.js:265:14:265:14 | v | ExampleConfiguration | false | tst.js:265:14:265:14 | v | +| tst.js:267:9:267:12 | SINK | ExampleConfiguration | false | tst.js:267:9:267:12 | SINK | +| tst.js:267:14:267:14 | v | ExampleConfiguration | false | tst.js:267:14:267:14 | v | +| tst.js:271:25:271:33 | whitelist | ExampleConfiguration | false | tst.js:271:25:271:33 | whitelist | | tst.js:271:25:271:45 | whiteli ... ains(z) | ExampleConfiguration | true | tst.js:271:44:271:44 | z | +| tst.js:271:44:271:44 | z | ExampleConfiguration | false | tst.js:271:44:271:44 | z | +| tst.js:272:16:272:28 | somethingElse | ExampleConfiguration | false | tst.js:272:16:272:28 | somethingElse | +| tst.js:274:9:274:9 | h | ExampleConfiguration | false | tst.js:274:9:274:9 | h | +| tst.js:274:11:274:11 | v | ExampleConfiguration | false | tst.js:274:11:274:11 | v | +| tst.js:275:9:275:12 | SINK | ExampleConfiguration | false | tst.js:275:9:275:12 | SINK | +| tst.js:275:14:275:14 | v | ExampleConfiguration | false | tst.js:275:14:275:14 | v | +| tst.js:277:9:277:12 | SINK | ExampleConfiguration | false | tst.js:277:9:277:12 | SINK | +| tst.js:277:14:277:14 | v | ExampleConfiguration | false | tst.js:277:14:277:14 | v | +| tst.js:281:16:281:17 | x2 | ExampleConfiguration | false | tst.js:281:16:281:17 | x2 | | tst.js:281:16:281:25 | x2 != null | ExampleConfiguration | false | tst.js:281:16:281:17 | x2 | | tst.js:281:16:281:25 | x2 != null | ExampleConfiguration | false | 
tst.js:281:22:281:25 | null | +| tst.js:281:30:281:38 | whitelist | ExampleConfiguration | false | tst.js:281:30:281:38 | whitelist | | tst.js:281:30:281:51 | whiteli ... ins(x2) | ExampleConfiguration | true | tst.js:281:49:281:50 | x2 | +| tst.js:281:49:281:50 | x2 | ExampleConfiguration | false | tst.js:281:49:281:50 | x2 | +| tst.js:283:9:283:10 | f2 | ExampleConfiguration | false | tst.js:283:9:283:10 | f2 | +| tst.js:283:12:283:12 | v | ExampleConfiguration | false | tst.js:283:12:283:12 | v | +| tst.js:284:9:284:12 | SINK | ExampleConfiguration | false | tst.js:284:9:284:12 | SINK | +| tst.js:284:14:284:14 | v | ExampleConfiguration | false | tst.js:284:14:284:14 | v | +| tst.js:286:9:286:12 | SINK | ExampleConfiguration | false | tst.js:286:9:286:12 | SINK | +| tst.js:286:14:286:14 | v | ExampleConfiguration | false | tst.js:286:14:286:14 | v | +| tst.js:290:16:290:17 | x3 | ExampleConfiguration | false | tst.js:290:16:290:17 | x3 | | tst.js:290:16:290:25 | x3 == null | ExampleConfiguration | true | tst.js:290:16:290:17 | x3 | | tst.js:290:16:290:25 | x3 == null | ExampleConfiguration | true | tst.js:290:22:290:25 | null | +| tst.js:290:30:290:38 | whitelist | ExampleConfiguration | false | tst.js:290:30:290:38 | whitelist | | tst.js:290:30:290:51 | whiteli ... 
ins(x3) | ExampleConfiguration | true | tst.js:290:49:290:50 | x3 | +| tst.js:290:49:290:50 | x3 | ExampleConfiguration | false | tst.js:290:49:290:50 | x3 | +| tst.js:292:9:292:10 | f3 | ExampleConfiguration | false | tst.js:292:9:292:10 | f3 | +| tst.js:292:12:292:12 | v | ExampleConfiguration | false | tst.js:292:12:292:12 | v | +| tst.js:293:9:293:12 | SINK | ExampleConfiguration | false | tst.js:293:9:293:12 | SINK | +| tst.js:293:14:293:14 | v | ExampleConfiguration | false | tst.js:293:14:293:14 | v | +| tst.js:295:9:295:12 | SINK | ExampleConfiguration | false | tst.js:295:9:295:12 | SINK | +| tst.js:295:14:295:14 | v | ExampleConfiguration | false | tst.js:295:14:295:14 | v | +| tst.js:299:17:299:25 | whitelist | ExampleConfiguration | false | tst.js:299:17:299:25 | whitelist | | tst.js:299:17:299:38 | whiteli ... ins(x4) | ExampleConfiguration | true | tst.js:299:36:299:37 | x4 | +| tst.js:299:36:299:37 | x4 | ExampleConfiguration | false | tst.js:299:36:299:37 | x4 | +| tst.js:301:9:301:10 | f4 | ExampleConfiguration | false | tst.js:301:9:301:10 | f4 | +| tst.js:301:12:301:12 | v | ExampleConfiguration | false | tst.js:301:12:301:12 | v | +| tst.js:302:9:302:12 | SINK | ExampleConfiguration | false | tst.js:302:9:302:12 | SINK | +| tst.js:302:14:302:14 | v | ExampleConfiguration | false | tst.js:302:14:302:14 | v | +| tst.js:304:9:304:12 | SINK | ExampleConfiguration | false | tst.js:304:9:304:12 | SINK | +| tst.js:304:14:304:14 | v | ExampleConfiguration | false | tst.js:304:14:304:14 | v | +| tst.js:308:18:308:26 | whitelist | ExampleConfiguration | false | tst.js:308:18:308:26 | whitelist | | tst.js:308:18:308:39 | whiteli ... 
ins(x5) | ExampleConfiguration | true | tst.js:308:37:308:38 | x5 | +| tst.js:308:37:308:38 | x5 | ExampleConfiguration | false | tst.js:308:37:308:38 | x5 | +| tst.js:310:9:310:10 | f5 | ExampleConfiguration | false | tst.js:310:9:310:10 | f5 | +| tst.js:310:12:310:12 | v | ExampleConfiguration | false | tst.js:310:12:310:12 | v | +| tst.js:311:9:311:12 | SINK | ExampleConfiguration | false | tst.js:311:9:311:12 | SINK | +| tst.js:311:14:311:14 | v | ExampleConfiguration | false | tst.js:311:14:311:14 | v | +| tst.js:313:9:313:12 | SINK | ExampleConfiguration | false | tst.js:313:9:313:12 | SINK | +| tst.js:313:14:313:14 | v | ExampleConfiguration | false | tst.js:313:14:313:14 | v | +| tst.js:317:26:317:34 | whitelist | ExampleConfiguration | false | tst.js:317:26:317:34 | whitelist | | tst.js:317:26:317:47 | whiteli ... ins(x6) | ExampleConfiguration | true | tst.js:317:45:317:46 | x6 | +| tst.js:317:45:317:46 | x6 | ExampleConfiguration | false | tst.js:317:45:317:46 | x6 | +| tst.js:318:17:318:25 | sanitized | ExampleConfiguration | false | tst.js:318:17:318:25 | sanitized | +| tst.js:320:9:320:10 | f6 | ExampleConfiguration | false | tst.js:320:9:320:10 | f6 | +| tst.js:320:12:320:12 | v | ExampleConfiguration | false | tst.js:320:12:320:12 | v | +| tst.js:321:9:321:12 | SINK | ExampleConfiguration | false | tst.js:321:9:321:12 | SINK | +| tst.js:321:14:321:14 | v | ExampleConfiguration | false | tst.js:321:14:321:14 | v | +| tst.js:323:9:323:12 | SINK | ExampleConfiguration | false | tst.js:323:9:323:12 | SINK | +| tst.js:323:14:323:14 | v | ExampleConfiguration | false | tst.js:323:14:323:14 | v | +| tst.js:327:25:327:26 | x7 | ExampleConfiguration | false | tst.js:327:25:327:26 | x7 | | tst.js:327:25:327:34 | x7 != null | ExampleConfiguration | false | tst.js:327:25:327:26 | x7 | | tst.js:327:25:327:34 | x7 != null | ExampleConfiguration | false | tst.js:327:31:327:34 | null | +| tst.js:327:39:327:47 | whitelist | ExampleConfiguration | false | 
tst.js:327:39:327:47 | whitelist | | tst.js:327:39:327:60 | whiteli ... ins(x7) | ExampleConfiguration | true | tst.js:327:58:327:59 | x7 | +| tst.js:327:58:327:59 | x7 | ExampleConfiguration | false | tst.js:327:58:327:59 | x7 | +| tst.js:328:16:328:24 | sanitized | ExampleConfiguration | false | tst.js:328:16:328:24 | sanitized | +| tst.js:330:9:330:10 | f7 | ExampleConfiguration | false | tst.js:330:9:330:10 | f7 | +| tst.js:330:12:330:12 | v | ExampleConfiguration | false | tst.js:330:12:330:12 | v | +| tst.js:331:9:331:12 | SINK | ExampleConfiguration | false | tst.js:331:9:331:12 | SINK | +| tst.js:331:14:331:14 | v | ExampleConfiguration | false | tst.js:331:14:331:14 | v | +| tst.js:333:9:333:12 | SINK | ExampleConfiguration | false | tst.js:333:9:333:12 | SINK | +| tst.js:333:14:333:14 | v | ExampleConfiguration | false | tst.js:333:14:333:14 | v | +| tst.js:337:25:337:33 | whitelist | ExampleConfiguration | false | tst.js:337:25:337:33 | whitelist | | tst.js:337:25:337:46 | whiteli ... 
ins(x8) | ExampleConfiguration | true | tst.js:337:44:337:45 | x8 | +| tst.js:337:44:337:45 | x8 | ExampleConfiguration | false | tst.js:337:44:337:45 | x8 | +| tst.js:338:16:338:17 | x8 | ExampleConfiguration | false | tst.js:338:16:338:17 | x8 | | tst.js:338:16:338:25 | x8 != null | ExampleConfiguration | false | tst.js:338:16:338:17 | x8 | | tst.js:338:16:338:25 | x8 != null | ExampleConfiguration | false | tst.js:338:22:338:25 | null | +| tst.js:338:30:338:38 | sanitized | ExampleConfiguration | false | tst.js:338:30:338:38 | sanitized | +| tst.js:340:9:340:10 | f8 | ExampleConfiguration | false | tst.js:340:9:340:10 | f8 | +| tst.js:340:12:340:12 | v | ExampleConfiguration | false | tst.js:340:12:340:12 | v | +| tst.js:341:9:341:12 | SINK | ExampleConfiguration | false | tst.js:341:9:341:12 | SINK | +| tst.js:341:14:341:14 | v | ExampleConfiguration | false | tst.js:341:14:341:14 | v | +| tst.js:343:9:343:12 | SINK | ExampleConfiguration | false | tst.js:343:9:343:12 | SINK | +| tst.js:343:14:343:14 | v | ExampleConfiguration | false | tst.js:343:14:343:14 | v | +| tst.js:347:16:347:22 | unknown | ExampleConfiguration | false | tst.js:347:16:347:22 | unknown | +| tst.js:347:29:347:37 | whitelist | ExampleConfiguration | false | tst.js:347:29:347:37 | whitelist | | tst.js:347:29:347:50 | whiteli ... 
ins(x9) | ExampleConfiguration | true | tst.js:347:48:347:49 | x9 | +| tst.js:347:48:347:49 | x9 | ExampleConfiguration | false | tst.js:347:48:347:49 | x9 | +| tst.js:347:55:347:61 | unknown | ExampleConfiguration | false | tst.js:347:55:347:61 | unknown | +| tst.js:349:9:349:10 | f9 | ExampleConfiguration | false | tst.js:349:9:349:10 | f9 | +| tst.js:349:12:349:12 | v | ExampleConfiguration | false | tst.js:349:12:349:12 | v | +| tst.js:350:9:350:12 | SINK | ExampleConfiguration | false | tst.js:350:9:350:12 | SINK | +| tst.js:350:14:350:14 | v | ExampleConfiguration | false | tst.js:350:14:350:14 | v | +| tst.js:352:9:352:12 | SINK | ExampleConfiguration | false | tst.js:352:9:352:12 | SINK | +| tst.js:352:14:352:14 | v | ExampleConfiguration | false | tst.js:352:14:352:14 | v | +| tst.js:356:16:356:18 | x10 | ExampleConfiguration | false | tst.js:356:16:356:18 | x10 | | tst.js:356:16:356:27 | x10 !== null | ExampleConfiguration | false | tst.js:356:16:356:18 | x10 | | tst.js:356:16:356:27 | x10 !== null | ExampleConfiguration | false | tst.js:356:24:356:27 | null | +| tst.js:356:32:356:34 | x10 | ExampleConfiguration | false | tst.js:356:32:356:34 | x10 | | tst.js:356:32:356:48 | x10 !== undefined | ExampleConfiguration | false | tst.js:356:32:356:34 | x10 | | tst.js:356:32:356:48 | x10 !== undefined | ExampleConfiguration | false | tst.js:356:40:356:48 | undefined | +| tst.js:356:40:356:48 | undefined | ExampleConfiguration | false | tst.js:356:40:356:48 | undefined | +| tst.js:358:9:358:11 | f10 | ExampleConfiguration | false | tst.js:358:9:358:11 | f10 | +| tst.js:358:13:358:13 | v | ExampleConfiguration | false | tst.js:358:13:358:13 | v | +| tst.js:359:9:359:12 | SINK | ExampleConfiguration | false | tst.js:359:9:359:12 | SINK | +| tst.js:359:14:359:14 | v | ExampleConfiguration | false | tst.js:359:14:359:14 | v | +| tst.js:361:9:361:12 | SINK | ExampleConfiguration | false | tst.js:361:9:361:12 | SINK | +| tst.js:361:14:361:14 | v | ExampleConfiguration 
| false | tst.js:361:14:361:14 | v | +| tst.js:367:13:367:18 | SOURCE | ExampleConfiguration | false | tst.js:367:13:367:18 | SOURCE | +| tst.js:368:5:368:8 | SINK | ExampleConfiguration | false | tst.js:368:5:368:8 | SINK | +| tst.js:368:10:368:10 | o | ExampleConfiguration | false | tst.js:368:10:368:10 | o | +| tst.js:370:9:370:9 | o | ExampleConfiguration | false | tst.js:370:9:370:9 | o | | tst.js:370:9:370:29 | o.p == ... listed" | ExampleConfiguration | true | tst.js:370:9:370:11 | o.p | +| tst.js:371:9:371:12 | SINK | ExampleConfiguration | false | tst.js:371:9:371:12 | SINK | +| tst.js:371:14:371:14 | o | ExampleConfiguration | false | tst.js:371:14:371:14 | o | +| tst.js:373:9:373:12 | SINK | ExampleConfiguration | false | tst.js:373:9:373:12 | SINK | +| tst.js:373:14:373:14 | o | ExampleConfiguration | false | tst.js:373:14:373:14 | o | +| tst.js:376:19:376:19 | o | ExampleConfiguration | false | tst.js:376:19:376:19 | o | +| tst.js:377:11:377:11 | o | ExampleConfiguration | false | tst.js:377:11:377:11 | o | | tst.js:377:11:377:32 | o[p] == ... 
listed" | ExampleConfiguration | true | tst.js:377:11:377:14 | o[p] | +| tst.js:377:13:377:13 | p | ExampleConfiguration | false | tst.js:377:13:377:13 | p | +| tst.js:378:9:378:12 | SINK | ExampleConfiguration | false | tst.js:378:9:378:12 | SINK | +| tst.js:378:14:378:14 | o | ExampleConfiguration | false | tst.js:378:14:378:14 | o | +| tst.js:378:16:378:16 | p | ExampleConfiguration | false | tst.js:378:16:378:16 | p | +| tst.js:379:9:379:9 | p | ExampleConfiguration | false | tst.js:379:9:379:9 | p | +| tst.js:379:13:379:25 | somethingElse | ExampleConfiguration | false | tst.js:379:13:379:25 | somethingElse | +| tst.js:380:9:380:12 | SINK | ExampleConfiguration | false | tst.js:380:9:380:12 | SINK | +| tst.js:380:14:380:14 | o | ExampleConfiguration | false | tst.js:380:14:380:14 | o | +| tst.js:380:16:380:16 | p | ExampleConfiguration | false | tst.js:380:16:380:16 | p | +| tst.js:382:9:382:12 | SINK | ExampleConfiguration | false | tst.js:382:9:382:12 | SINK | +| tst.js:382:14:382:14 | o | ExampleConfiguration | false | tst.js:382:14:382:14 | o | +| tst.js:382:16:382:16 | p | ExampleConfiguration | false | tst.js:382:16:382:16 | p | diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected index 9dd83d53ad1..5a6ef361bb8 100644 --- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected 
@@ -54,6 +54,9 @@ | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:48:10:48:10 | x | | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:52:10:52:10 | x | | sanitizer-guards.js:68:11:68:18 | source() | sanitizer-guards.js:75:8:75:8 | x | +| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:81:8:81:8 | x | +| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:84:10:84:10 | x | +| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:86:7:86:7 | x | | thisAssignments.js:4:17:4:24 | source() | thisAssignments.js:5:10:5:18 | obj.field | | thisAssignments.js:7:19:7:26 | source() | thisAssignments.js:8:10:8:20 | this.field2 | | tst.js:2:13:2:20 | source() | tst.js:4:10:4:10 | x | diff --git a/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js b/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js index caae61eba6f..497271d989e 100644 --- a/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js +++ b/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js @@ -81,8 +81,8 @@ function falsy() { sink(x); // NOT OK if (x) { - sink(x); // NOT OK + sink(x); // OK (for taint-tracking) } else { - sink(x); // OK + sink(x); // NOT OK } } From e359e1a373d4906aebe6198c3cc9ea80b5cb70a4 Mon Sep 17 00:00:00 2001 From: Erik Krogh Kristensen Date: Tue, 18 Feb 2020 10:57:28 +0100 Subject: [PATCH 6/8] use a barrier directly instead of a barrier guard --- .../CWE-400/PrototypePollutionUtility.ql | 9 +- .../javascript/dataflow/Configuration.qll | 19 +- .../javascript/dataflow/TaintTracking.qll | 18 +- .../security/dataflow/TaintedPath.qll | 3 +- .../dataflow/TaintedPathCustomizations.qll | 5 + .../TaintBarriers/SanitizingGuard.expected | 351 ------------------ 6 files changed, 24 insertions(+), 381 deletions(-) 
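Review bot: The swapped labels in `falsy()` look inverted relative to how the barrier is documented elsewhere in this series: `if (x)` is described as sanitizing `x` in its "else" branch (where `x` is falsy), yet the else-branch `sink(x)` is now `// NOT OK` and the then-branch `// OK (for taint-tracking)`. If the taint-tracking expected output really loses the then-branch sink, the barrier's Javadoc is what needs correcting; if not, these labels should be restored, and either way the discrepancy deserves a look before merging. Since DataFlowTracking.expected now reports flows to lines 81, 84 and 86, plain data flow reaches all three sinks, so a comment saying which configuration each label refers to would avoid the ambiguity, e.g. `// NOT OK for plain data flow (see DataFlowTracking.expected)`. The enclosing function `falsy` starts outside the hunk.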
diff --git a/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql b/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
index b882165ffaa..317aa6fcc22 100644
--- a/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
+++ b/javascript/ql/src/Security/CWE-400/PrototypePollutionUtility.ql
@@ -185,6 +185,12 @@ class PropNameTracking extends DataFlow::Configuration {
     )
   }
 
+  override predicate isBarrier(DataFlow::Node node) {
+    super.isBarrier(node)
+    or
+    node instanceof DataFlow::VarAccessBarrier
+  }
+
   override predicate isBarrierGuard(DataFlow::BarrierGuardNode node) {
     node instanceof BlacklistEqualityGuard or
     node instanceof WhitelistEqualityGuard or
@@ -193,8 +199,7 @@ class PropNameTracking extends DataFlow::Configuration {
     node instanceof InstanceOfGuard or
     node instanceof TypeofGuard or
     node instanceof BlacklistInclusionGuard or
-    node instanceof WhitelistInclusionGuard or
-    node instanceof DataFlow::VarAccessBarrierGuard
+    node instanceof WhitelistInclusionGuard
   }
 }
 
diff --git a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
index 873a1dbed6a..0cba3157ba9 100644
--- a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
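Review bot: The new `isBarrier` override in `PropNameTracking` gives no reason why a `DataFlow::VarAccessBarrier` node is a safe place to stop, and the reason is query-specific: on the false edge of `if (x)` the tracked value is falsy, which for a configuration that tracks property names presumably means it cannot be one of the names the guards above blacklist. A one-line why-comment above the disjunct would keep a later maintainer from treating it as dead weight, e.g. `// The false branch of if (x) leaves x falsy, so it cannot be a dangerous property name.`. Cosmetically, the sibling override added to TaintTracking.qll in this same commit writes `isSanitizer(node) or` on one line while this one puts `or` on its own line; aligning the two makes the pattern easier to grep for. `PropNameTracking`'s class body starts and ends outside both hunks.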
@@ -1483,16 +1483,15 @@ private class AdditionalBarrierGuardCall extends AdditionalBarrierGuardNode, Dat
 
 /**
  * A check of the form `if(x)`, which sanitizes `x` in its "else" branch.
- * Can be added to a `isBarrierGuard` in a configuration to add the sanitization.
+ * Can be added to a `isBarrier` in a configuration to add the sanitization.
  */
-class VarAccessBarrierGuard extends BarrierGuardNode, DataFlow::Node {
-  VarAccess var;
-
-  VarAccessBarrierGuard() {
-    var = this.getEnclosingExpr()
-  }
-
-  override predicate blocks(boolean outcome, Expr e) {
-    var = e and outcome = false
+class VarAccessBarrier extends DataFlow::Node {
+  VarAccessBarrier() {
+    exists(ConditionGuardNode guard, SsaRefinementNode refinement |
+      this = DataFlow::ssaDefinitionNode(refinement) and
+      refinement.getGuard() = guard and
+      guard.getTest() instanceof VarAccess and
+      guard.getOutcome() = false
+    )
   }
 }
diff --git a/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
index fa573cf908a..ba14bf65f66 100644
--- a/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/TaintTracking.qll
@@ -89,7 +89,8 @@ module TaintTracking {
 
     final override predicate isBarrier(DataFlow::Node node) {
       super.isBarrier(node) or
-      isSanitizer(node)
+      isSanitizer(node) or
+      node instanceof DataFlow::VarAccessBarrier
     }
 
     final override predicate isBarrierEdge(DataFlow::Node source, DataFlow::Node sink) {
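Review bot: The Javadoc kept on `VarAccessBarrier` still calls the class "a check of the form `if(x)`", but after this rewrite the node is no longer the condition: the characteristic predicate selects `DataFlow::ssaDefinitionNode(refinement)`, i.e. the SSA refinement of `x` that is live on the false outcome of a `ConditionGuardNode` whose test is a bare `VarAccess`. The doc should state that, and should also name the assumption a user accepts when adding the class to `isBarrier` — that a falsy value (`undefined`, `null`, `""`, `0`, `false`, `NaN`) cannot carry attacker-controlled content, which is sound for taint-style configurations but not for one that tracks whether a value is present at all. Two scope notes belong there too: `ConditionGuardNode` is presumably not limited to `if` statements, so loop and ternary conditions on a bare variable would match as well, while `if (!x)` or `if (x == null)` are not matched because their test is not a `VarAccess`. A docstring along those lines, replacing the two existing sentences, would cover it; "a `isBarrier`" should also read "an `isBarrier`".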
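Review bot: Putting `node instanceof DataFlow::VarAccessBarrier` inside `final override predicate isBarrier` makes the falsy-branch barrier mandatory for every `TaintTracking::Configuration`, with no way to opt out — the existing `isSanitizer` hook can only add barriers. That is defensible for taint tracking, since a falsy value carries no tainted content, but it is a silent global change in semantics and the added line deserves a why-comment so it is not mistaken for a query-specific rule, e.g. `// A falsy value cannot carry tainted content, so the false branch of if (x) is always a barrier.`. If some configuration ever needs to track falsy values, an overridable predicate (defaulting to `any()`) guarding this disjunct would be the cleaner shape; otherwise the `Configuration` class Javadoc should at least mention the built-in barrier. The enclosing `Configuration` class starts and ends outside the hunk.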
@@ -914,19 +915,4 @@ module TaintTracking {
     DataFlow::localFlowStep(pred, succ) or
     any(AdditionalTaintStep s).step(pred, succ)
   }
-
-  /** A check of the form `if(x)`, which sanitizes `x` in its "else" branch. */
-  private class VarAccessBarrierGuard extends AdditionalSanitizerGuardNode, DataFlow::Node {
-    DataFlow::VarAccessBarrierGuard guard;
-
-    VarAccessBarrierGuard() {
-      this = guard
-    }
-
-    override predicate sanitizes(boolean outcome, Expr e) {
-      guard.blocks(outcome, e)
-    }
-
-    override predicate appliesTo(Configuration cfg) { any() }
-  }
 }
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll
index 5e888b6e768..b46f7d508f7 100644
--- a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPath.qll
@@ -35,8 +35,7 @@ module TaintedPath {
       guard instanceof StartsWithDotDotSanitizer or
       guard instanceof StartsWithDirSanitizer or
       guard instanceof IsAbsoluteSanitizer or
-      guard instanceof ContainsDotDotSanitizer or
-      guard instanceof DataFlow::VarAccessBarrierGuard
+      guard instanceof ContainsDotDotSanitizer
     }
 
     override predicate isAdditionalFlowStep(
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
index 25bb232f8fe..62e42b1963a 100644
--- a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
+++ b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
@@ -355,6 +355,11 @@ module TaintedPath {
     }
   }
 
+  /**
+   * A check of the form `if(x)`, which sanitizes `x` in its "else" branch.
+   */
+  class VarAccessBarrier extends Sanitizer, DataFlow::VarAccessBarrier { }
+
   /**
    * A source of remote user input, considered as a flow source for
    * tainted-path vulnerabilities.
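Review bot: `class VarAccessBarrier extends Sanitizer, DataFlow::VarAccessBarrier { }` in TaintedPathCustomizations.qll appears redundant within this same commit: `TaintTracking::Configuration::isBarrier` (hunk in TaintTracking.qll) now already includes every `DataFlow::VarAccessBarrier` node, and the TaintedPath configuration presumably goes through that predicate, given that the TaintedPath.qll hunk is removing `DataFlow::VarAccessBarrierGuard` from what looks like its sanitizer-guard list. If the class is kept on purpose — for discoverability or so users can extend `Sanitizer` uniformly — the Javadoc should say so, e.g. `Listed for completeness; TaintTracking::Configuration already treats these nodes as barriers.`; if not, dropping it avoids two sources of truth for the same barrier. Reusing the simple name `VarAccessBarrier` for a subclass of `DataFlow::VarAccessBarrier` is legal but easy to confuse in error messages and imports, so a more specific name would help. The enclosing `TaintedPath` module continues outside the hunk.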
diff --git a/javascript/ql/test/library-tests/TaintBarriers/SanitizingGuard.expected b/javascript/ql/test/library-tests/TaintBarriers/SanitizingGuard.expected
index d09005ef78b..cf568e8c593 100644
--- a/javascript/ql/test/library-tests/TaintBarriers/SanitizingGuard.expected
+++ b/javascript/ql/test/library-tests/TaintBarriers/SanitizingGuard.expected
@@ -1,419 +1,68 @@ -| tst.js:2:13:2:18 | SOURCE | ExampleConfiguration | false | tst.js:2:13:2:18 | SOURCE | -| tst.js:3:5:3:8 | SINK | ExampleConfiguration | false | tst.js:3:5:3:8 | SINK | -| tst.js:3:10:3:10 | v | ExampleConfiguration | false | tst.js:3:10:3:10 | v | | tst.js:5:9:5:21 | /^x$/.test(v) | ExampleConfiguration | true | tst.js:5:20:5:20 | v | -| tst.js:5:20:5:20 | v | ExampleConfiguration | false | tst.js:5:20:5:20 | v | -| tst.js:6:9:6:12 | SINK | ExampleConfiguration | false | tst.js:6:9:6:12 | SINK | -| tst.js:6:14:6:14 | v | ExampleConfiguration | false | tst.js:6:14:6:14 | v | -| tst.js:8:9:8:12 | SINK | ExampleConfiguration | false | tst.js:8:9:8:12 | SINK | -| tst.js:8:14:8:14 | v | ExampleConfiguration | false | tst.js:8:14:8:14 | v | -| tst.js:11:9:11:9 | v | ExampleConfiguration | false | tst.js:11:9:11:9 | v | | tst.js:11:9:11:25 | v.match(/[^a-z]/) | ExampleConfiguration | false | tst.js:11:9:11:9 | v | -| tst.js:12:9:12:12 | SINK | ExampleConfiguration | false | tst.js:12:9:12:12 | SINK | -| tst.js:12:14:12:14 | v | ExampleConfiguration | false | tst.js:12:14:12:14 | v | -| tst.js:14:9:14:12 | SINK | ExampleConfiguration | false | tst.js:14:9:14:12 | SINK | -| tst.js:14:14:14:14 | v | ExampleConfiguration | false | tst.js:14:14:14:14 | v | -| tst.js:20:13:20:18 | SOURCE | ExampleConfiguration | false | tst.js:20:13:20:18 | SOURCE | -| tst.js:21:5:21:8 | SINK | ExampleConfiguration | false | tst.js:21:5:21:8 | SINK | -| tst.js:21:10:21:10 | v | ExampleConfiguration | false | tst.js:21:10:21:10 | v | -| tst.js:23:9:23:9 | o | ExampleConfiguration | false | tst.js:23:9:23:9 | o | | tst.js:23:9:23:27 | o.hasOwnProperty(v) | ExampleConfiguration | true | tst.js:23:26:23:26 | v | -| tst.js:23:26:23:26 | v | ExampleConfiguration | false | tst.js:23:26:23:26 | v | -| tst.js:24:9:24:12 | SINK | ExampleConfiguration | false | tst.js:24:9:24:12 | SINK | -| tst.js:24:14:24:14 | v | ExampleConfiguration | false | tst.js:24:14:24:14 | v | -| 
tst.js:26:9:26:12 | SINK | ExampleConfiguration | false | tst.js:26:9:26:12 | SINK | -| tst.js:26:14:26:14 | v | ExampleConfiguration | false | tst.js:26:14:26:14 | v | -| tst.js:32:13:32:18 | SOURCE | ExampleConfiguration | false | tst.js:32:13:32:18 | SOURCE | -| tst.js:33:5:33:8 | SINK | ExampleConfiguration | false | tst.js:33:5:33:8 | SINK | -| tst.js:33:10:33:10 | v | ExampleConfiguration | false | tst.js:33:10:33:10 | v | -| tst.js:35:9:35:9 | v | ExampleConfiguration | false | tst.js:35:9:35:9 | v | | tst.js:35:9:35:14 | v in o | ExampleConfiguration | true | tst.js:35:9:35:9 | v | -| tst.js:35:14:35:14 | o | ExampleConfiguration | false | tst.js:35:14:35:14 | o | -| tst.js:36:9:36:12 | SINK | ExampleConfiguration | false | tst.js:36:9:36:12 | SINK | -| tst.js:36:14:36:14 | v | ExampleConfiguration | false | tst.js:36:14:36:14 | v | -| tst.js:38:9:38:12 | SINK | ExampleConfiguration | false | tst.js:38:9:38:12 | SINK | -| tst.js:38:14:38:14 | v | ExampleConfiguration | false | tst.js:38:14:38:14 | v | -| tst.js:44:13:44:18 | SOURCE | ExampleConfiguration | false | tst.js:44:13:44:18 | SOURCE | -| tst.js:45:5:45:8 | SINK | ExampleConfiguration | false | tst.js:45:5:45:8 | SINK | -| tst.js:45:10:45:10 | v | ExampleConfiguration | false | tst.js:45:10:45:10 | v | -| tst.js:47:9:47:9 | o | ExampleConfiguration | false | tst.js:47:9:47:9 | o | | tst.js:47:9:47:25 | o[v] == undefined | ExampleConfiguration | false | tst.js:47:11:47:11 | v | | tst.js:47:9:47:25 | o[v] == undefined | ExampleConfiguration | true | tst.js:47:9:47:12 | o[v] | -| tst.js:47:11:47:11 | v | ExampleConfiguration | false | tst.js:47:11:47:11 | v | -| tst.js:47:17:47:25 | undefined | ExampleConfiguration | false | tst.js:47:17:47:25 | undefined | -| tst.js:48:9:48:12 | SINK | ExampleConfiguration | false | tst.js:48:9:48:12 | SINK | -| tst.js:48:14:48:14 | v | ExampleConfiguration | false | tst.js:48:14:48:14 | v | -| tst.js:50:9:50:12 | SINK | ExampleConfiguration | false | 
tst.js:50:9:50:12 | SINK | -| tst.js:50:14:50:14 | v | ExampleConfiguration | false | tst.js:50:14:50:14 | v | -| tst.js:53:9:53:17 | undefined | ExampleConfiguration | false | tst.js:53:9:53:17 | undefined | | tst.js:53:9:53:26 | undefined === o[v] | ExampleConfiguration | false | tst.js:53:25:53:25 | v | | tst.js:53:9:53:26 | undefined === o[v] | ExampleConfiguration | true | tst.js:53:23:53:26 | o[v] | -| tst.js:53:23:53:23 | o | ExampleConfiguration | false | tst.js:53:23:53:23 | o | -| tst.js:53:25:53:25 | v | ExampleConfiguration | false | tst.js:53:25:53:25 | v | -| tst.js:54:9:54:12 | SINK | ExampleConfiguration | false | tst.js:54:9:54:12 | SINK | -| tst.js:54:14:54:14 | v | ExampleConfiguration | false | tst.js:54:14:54:14 | v | -| tst.js:56:9:56:12 | SINK | ExampleConfiguration | false | tst.js:56:9:56:12 | SINK | -| tst.js:56:14:56:14 | v | ExampleConfiguration | false | tst.js:56:14:56:14 | v | -| tst.js:59:9:59:9 | o | ExampleConfiguration | false | tst.js:59:9:59:9 | o | | tst.js:59:9:59:26 | o[v] !== undefined | ExampleConfiguration | false | tst.js:59:9:59:12 | o[v] | | tst.js:59:9:59:26 | o[v] !== undefined | ExampleConfiguration | true | tst.js:59:11:59:11 | v | -| tst.js:59:11:59:11 | v | ExampleConfiguration | false | tst.js:59:11:59:11 | v | -| tst.js:59:18:59:26 | undefined | ExampleConfiguration | false | tst.js:59:18:59:26 | undefined | -| tst.js:60:9:60:12 | SINK | ExampleConfiguration | false | tst.js:60:9:60:12 | SINK | -| tst.js:60:14:60:14 | v | ExampleConfiguration | false | tst.js:60:14:60:14 | v | -| tst.js:62:9:62:12 | SINK | ExampleConfiguration | false | tst.js:62:9:62:12 | SINK | -| tst.js:62:14:62:14 | v | ExampleConfiguration | false | tst.js:62:14:62:14 | v | -| tst.js:68:13:68:18 | SOURCE | ExampleConfiguration | false | tst.js:68:13:68:18 | SOURCE | -| tst.js:69:5:69:8 | SINK | ExampleConfiguration | false | tst.js:69:5:69:8 | SINK | -| tst.js:69:10:69:10 | v | ExampleConfiguration | false | tst.js:69:10:69:10 | v | -| 
tst.js:71:9:71:9 | o | ExampleConfiguration | false | tst.js:71:9:71:9 | o | | tst.js:71:9:71:26 | o.indexOf(v) == -1 | ExampleConfiguration | false | tst.js:71:19:71:19 | v | | tst.js:71:9:71:26 | o.indexOf(v) == -1 | ExampleConfiguration | true | tst.js:71:9:71:20 | o.indexOf(v) | -| tst.js:71:19:71:19 | v | ExampleConfiguration | false | tst.js:71:19:71:19 | v | -| tst.js:72:9:72:12 | SINK | ExampleConfiguration | false | tst.js:72:9:72:12 | SINK | -| tst.js:72:14:72:14 | v | ExampleConfiguration | false | tst.js:72:14:72:14 | v | -| tst.js:74:9:74:12 | SINK | ExampleConfiguration | false | tst.js:74:9:74:12 | SINK | -| tst.js:74:14:74:14 | v | ExampleConfiguration | false | tst.js:74:14:74:14 | v | | tst.js:77:9:77:27 | -1 === o.indexOf(v) | ExampleConfiguration | false | tst.js:77:26:77:26 | v | | tst.js:77:9:77:27 | -1 === o.indexOf(v) | ExampleConfiguration | true | tst.js:77:16:77:27 | o.indexOf(v) | -| tst.js:77:16:77:16 | o | ExampleConfiguration | false | tst.js:77:16:77:16 | o | -| tst.js:77:26:77:26 | v | ExampleConfiguration | false | tst.js:77:26:77:26 | v | -| tst.js:78:9:78:12 | SINK | ExampleConfiguration | false | tst.js:78:9:78:12 | SINK | -| tst.js:78:14:78:14 | v | ExampleConfiguration | false | tst.js:78:14:78:14 | v | -| tst.js:80:9:80:12 | SINK | ExampleConfiguration | false | tst.js:80:9:80:12 | SINK | -| tst.js:80:14:80:14 | v | ExampleConfiguration | false | tst.js:80:14:80:14 | v | -| tst.js:83:9:83:9 | o | ExampleConfiguration | false | tst.js:83:9:83:9 | o | | tst.js:83:9:83:27 | o.indexOf(v) !== -1 | ExampleConfiguration | false | tst.js:83:9:83:20 | o.indexOf(v) | | tst.js:83:9:83:27 | o.indexOf(v) !== -1 | ExampleConfiguration | true | tst.js:83:19:83:19 | v | -| tst.js:83:19:83:19 | v | ExampleConfiguration | false | tst.js:83:19:83:19 | v | -| tst.js:84:9:84:12 | SINK | ExampleConfiguration | false | tst.js:84:9:84:12 | SINK | -| tst.js:84:14:84:14 | v | ExampleConfiguration | false | tst.js:84:14:84:14 | v | -| tst.js:86:9:86:12 
| SINK | ExampleConfiguration | false | tst.js:86:9:86:12 | SINK | -| tst.js:86:14:86:14 | v | ExampleConfiguration | false | tst.js:86:14:86:14 | v | -| tst.js:92:13:92:18 | SOURCE | ExampleConfiguration | false | tst.js:92:13:92:18 | SOURCE | -| tst.js:93:5:93:8 | SINK | ExampleConfiguration | false | tst.js:93:5:93:8 | SINK | -| tst.js:93:10:93:10 | v | ExampleConfiguration | false | tst.js:93:10:93:10 | v | -| tst.js:95:9:95:9 | o | ExampleConfiguration | false | tst.js:95:9:95:9 | o | | tst.js:95:9:95:21 | o.contains(v) | ExampleConfiguration | true | tst.js:95:20:95:20 | v | -| tst.js:95:20:95:20 | v | ExampleConfiguration | false | tst.js:95:20:95:20 | v | -| tst.js:96:9:96:12 | SINK | ExampleConfiguration | false | tst.js:96:9:96:12 | SINK | -| tst.js:96:14:96:14 | v | ExampleConfiguration | false | tst.js:96:14:96:14 | v | -| tst.js:98:9:98:12 | SINK | ExampleConfiguration | false | tst.js:98:9:98:12 | SINK | -| tst.js:98:14:98:14 | v | ExampleConfiguration | false | tst.js:98:14:98:14 | v | -| tst.js:104:13:104:18 | SOURCE | ExampleConfiguration | false | tst.js:104:13:104:18 | SOURCE | -| tst.js:105:5:105:8 | SINK | ExampleConfiguration | false | tst.js:105:5:105:8 | SINK | -| tst.js:105:10:105:10 | v | ExampleConfiguration | false | tst.js:105:10:105:10 | v | -| tst.js:107:9:107:9 | o | ExampleConfiguration | false | tst.js:107:9:107:9 | o | | tst.js:107:9:107:16 | o.has(v) | ExampleConfiguration | true | tst.js:107:15:107:15 | v | -| tst.js:107:15:107:15 | v | ExampleConfiguration | false | tst.js:107:15:107:15 | v | -| tst.js:108:9:108:12 | SINK | ExampleConfiguration | false | tst.js:108:9:108:12 | SINK | -| tst.js:108:14:108:14 | v | ExampleConfiguration | false | tst.js:108:14:108:14 | v | -| tst.js:110:9:110:12 | SINK | ExampleConfiguration | false | tst.js:110:9:110:12 | SINK | -| tst.js:110:14:110:14 | v | ExampleConfiguration | false | tst.js:110:14:110:14 | v | -| tst.js:116:13:116:18 | SOURCE | ExampleConfiguration | false | 
tst.js:116:13:116:18 | SOURCE | -| tst.js:117:5:117:8 | SINK | ExampleConfiguration | false | tst.js:117:5:117:8 | SINK | -| tst.js:117:10:117:10 | v | ExampleConfiguration | false | tst.js:117:10:117:10 | v | -| tst.js:119:9:119:9 | o | ExampleConfiguration | false | tst.js:119:9:119:9 | o | | tst.js:119:9:119:21 | o.includes(v) | ExampleConfiguration | true | tst.js:119:20:119:20 | v | -| tst.js:119:20:119:20 | v | ExampleConfiguration | false | tst.js:119:20:119:20 | v | -| tst.js:120:9:120:12 | SINK | ExampleConfiguration | false | tst.js:120:9:120:12 | SINK | -| tst.js:120:14:120:14 | v | ExampleConfiguration | false | tst.js:120:14:120:14 | v | -| tst.js:122:9:122:12 | SINK | ExampleConfiguration | false | tst.js:122:9:122:12 | SINK | -| tst.js:122:14:122:14 | v | ExampleConfiguration | false | tst.js:122:14:122:14 | v | -| tst.js:128:13:128:18 | SOURCE | ExampleConfiguration | false | tst.js:128:13:128:18 | SOURCE | -| tst.js:129:5:129:8 | SINK | ExampleConfiguration | false | tst.js:129:5:129:8 | SINK | -| tst.js:129:10:129:10 | v | ExampleConfiguration | false | tst.js:129:10:129:10 | v | -| tst.js:131:9:131:9 | o | ExampleConfiguration | false | tst.js:131:9:131:9 | o | | tst.js:131:9:131:27 | o.hasOwnProperty(v) | ExampleConfiguration | true | tst.js:131:26:131:26 | v | -| tst.js:131:26:131:26 | v | ExampleConfiguration | false | tst.js:131:26:131:26 | v | -| tst.js:132:9:132:12 | SINK | ExampleConfiguration | false | tst.js:132:9:132:12 | SINK | -| tst.js:132:14:132:14 | v | ExampleConfiguration | false | tst.js:132:14:132:14 | v | -| tst.js:133:16:133:16 | o | ExampleConfiguration | false | tst.js:133:16:133:16 | o | | tst.js:133:16:133:36 | o.hasOw ... 
ty(v.p) | ExampleConfiguration | true | tst.js:133:33:133:35 | v.p | -| tst.js:133:33:133:33 | v | ExampleConfiguration | false | tst.js:133:33:133:33 | v | -| tst.js:134:9:134:12 | SINK | ExampleConfiguration | false | tst.js:134:9:134:12 | SINK | -| tst.js:134:14:134:14 | v | ExampleConfiguration | false | tst.js:134:14:134:14 | v | -| tst.js:135:16:135:16 | o | ExampleConfiguration | false | tst.js:135:16:135:16 | o | | tst.js:135:16:135:38 | o.hasOw ... (v.p.q) | ExampleConfiguration | true | tst.js:135:33:135:37 | v.p.q | -| tst.js:135:33:135:33 | v | ExampleConfiguration | false | tst.js:135:33:135:33 | v | -| tst.js:136:9:136:12 | SINK | ExampleConfiguration | false | tst.js:136:9:136:12 | SINK | -| tst.js:136:14:136:14 | v | ExampleConfiguration | false | tst.js:136:14:136:14 | v | -| tst.js:137:16:137:16 | o | ExampleConfiguration | false | tst.js:137:16:137:16 | o | | tst.js:137:16:137:36 | o.hasOw ... ty(v.p) | ExampleConfiguration | true | tst.js:137:33:137:35 | v.p | -| tst.js:137:33:137:33 | v | ExampleConfiguration | false | tst.js:137:33:137:33 | v | -| tst.js:138:9:138:12 | SINK | ExampleConfiguration | false | tst.js:138:9:138:12 | SINK | -| tst.js:138:14:138:14 | v | ExampleConfiguration | false | tst.js:138:14:138:14 | v | -| tst.js:139:16:139:16 | o | ExampleConfiguration | false | tst.js:139:16:139:16 | o | | tst.js:139:16:139:41 | o.hasOw ... 
"p.q"]) | ExampleConfiguration | true | tst.js:139:33:139:40 | v["p.q"] | -| tst.js:139:33:139:33 | v | ExampleConfiguration | false | tst.js:139:33:139:33 | v | -| tst.js:140:9:140:12 | SINK | ExampleConfiguration | false | tst.js:140:9:140:12 | SINK | -| tst.js:140:14:140:14 | v | ExampleConfiguration | false | tst.js:140:14:140:14 | v | -| tst.js:145:13:145:18 | SOURCE | ExampleConfiguration | false | tst.js:145:13:145:18 | SOURCE | -| tst.js:146:5:146:8 | SINK | ExampleConfiguration | false | tst.js:146:5:146:8 | SINK | -| tst.js:146:10:146:10 | v | ExampleConfiguration | false | tst.js:146:10:146:10 | v | -| tst.js:148:9:148:9 | v | ExampleConfiguration | false | tst.js:148:9:148:9 | v | | tst.js:148:9:148:27 | v == "white-listed" | ExampleConfiguration | true | tst.js:148:9:148:9 | v | | tst.js:148:9:148:27 | v == "white-listed" | ExampleConfiguration | true | tst.js:148:14:148:27 | "white-listed" | -| tst.js:149:9:149:12 | SINK | ExampleConfiguration | false | tst.js:149:9:149:12 | SINK | -| tst.js:149:14:149:14 | v | ExampleConfiguration | false | tst.js:149:14:149:14 | v | -| tst.js:151:9:151:12 | SINK | ExampleConfiguration | false | tst.js:151:9:151:12 | SINK | -| tst.js:151:14:151:14 | v | ExampleConfiguration | false | tst.js:151:14:151:14 | v | | tst.js:154:9:154:27 | "white-listed" != v | ExampleConfiguration | false | tst.js:154:9:154:22 | "white-listed" | | tst.js:154:9:154:27 | "white-listed" != v | ExampleConfiguration | false | tst.js:154:27:154:27 | v | -| tst.js:154:27:154:27 | v | ExampleConfiguration | false | tst.js:154:27:154:27 | v | -| tst.js:155:9:155:12 | SINK | ExampleConfiguration | false | tst.js:155:9:155:12 | SINK | -| tst.js:155:14:155:14 | v | ExampleConfiguration | false | tst.js:155:14:155:14 | v | -| tst.js:157:9:157:12 | SINK | ExampleConfiguration | false | tst.js:157:9:157:12 | SINK | -| tst.js:157:14:157:14 | v | ExampleConfiguration | false | tst.js:157:14:157:14 | v | -| tst.js:160:9:160:9 | v | ExampleConfiguration | 
false | tst.js:160:9:160:9 | v | | tst.js:160:9:160:30 | v === " ... sted-1" | ExampleConfiguration | true | tst.js:160:9:160:9 | v | | tst.js:160:9:160:30 | v === " ... sted-1" | ExampleConfiguration | true | tst.js:160:15:160:30 | "white-listed-1" | -| tst.js:160:35:160:35 | v | ExampleConfiguration | false | tst.js:160:35:160:35 | v | | tst.js:160:35:160:56 | v === " ... sted-2" | ExampleConfiguration | true | tst.js:160:35:160:35 | v | | tst.js:160:35:160:56 | v === " ... sted-2" | ExampleConfiguration | true | tst.js:160:41:160:56 | "white-listed-2" | -| tst.js:161:9:161:12 | SINK | ExampleConfiguration | false | tst.js:161:9:161:12 | SINK | -| tst.js:161:14:161:14 | v | ExampleConfiguration | false | tst.js:161:14:161:14 | v | -| tst.js:163:9:163:12 | SINK | ExampleConfiguration | false | tst.js:163:9:163:12 | SINK | -| tst.js:163:14:163:14 | v | ExampleConfiguration | false | tst.js:163:14:163:14 | v | -| tst.js:166:9:166:9 | v | ExampleConfiguration | false | tst.js:166:9:166:9 | v | | tst.js:166:9:166:16 | v == !!0 | ExampleConfiguration | true | tst.js:166:9:166:9 | v | | tst.js:166:9:166:16 | v == !!0 | ExampleConfiguration | true | tst.js:166:14:166:16 | !!0 | -| tst.js:167:9:167:12 | SINK | ExampleConfiguration | false | tst.js:167:9:167:12 | SINK | -| tst.js:167:14:167:14 | v | ExampleConfiguration | false | tst.js:167:14:167:14 | v | -| tst.js:169:9:169:12 | SINK | ExampleConfiguration | false | tst.js:169:9:169:12 | SINK | -| tst.js:169:14:169:14 | v | ExampleConfiguration | false | tst.js:169:14:169:14 | v | -| tst.js:174:34:174:34 | x | ExampleConfiguration | false | tst.js:174:34:174:34 | x | -| tst.js:175:13:175:18 | SOURCE | ExampleConfiguration | false | tst.js:175:13:175:18 | SOURCE | -| tst.js:176:5:176:5 | v | ExampleConfiguration | false | tst.js:176:5:176:5 | v | -| tst.js:176:9:176:16 | SANITIZE | ExampleConfiguration | false | tst.js:176:9:176:16 | SANITIZE | -| tst.js:176:18:176:18 | v | ExampleConfiguration | false | 
tst.js:176:18:176:18 | v | -| tst.js:177:5:177:8 | SINK | ExampleConfiguration | false | tst.js:177:5:177:8 | SINK | -| tst.js:177:10:177:10 | v | ExampleConfiguration | false | tst.js:177:10:177:10 | v | -| tst.js:181:13:181:18 | SOURCE | ExampleConfiguration | false | tst.js:181:13:181:18 | SOURCE | -| tst.js:182:5:182:8 | SINK | ExampleConfiguration | false | tst.js:182:5:182:8 | SINK | -| tst.js:182:10:182:10 | v | ExampleConfiguration | false | tst.js:182:10:182:10 | v | | tst.js:184:9:184:21 | ~o.indexOf(v) | ExampleConfiguration | true | tst.js:184:20:184:20 | v | -| tst.js:184:10:184:10 | o | ExampleConfiguration | false | tst.js:184:10:184:10 | o | -| tst.js:184:20:184:20 | v | ExampleConfiguration | false | tst.js:184:20:184:20 | v | -| tst.js:185:9:185:12 | SINK | ExampleConfiguration | false | tst.js:185:9:185:12 | SINK | -| tst.js:185:14:185:14 | v | ExampleConfiguration | false | tst.js:185:14:185:14 | v | -| tst.js:187:9:187:12 | SINK | ExampleConfiguration | false | tst.js:187:9:187:12 | SINK | -| tst.js:187:14:187:14 | v | ExampleConfiguration | false | tst.js:187:14:187:14 | v | | tst.js:190:10:190:22 | ~o.indexOf(v) | ExampleConfiguration | true | tst.js:190:21:190:21 | v | -| tst.js:190:11:190:11 | o | ExampleConfiguration | false | tst.js:190:11:190:11 | o | -| tst.js:190:21:190:21 | v | ExampleConfiguration | false | tst.js:190:21:190:21 | v | -| tst.js:191:9:191:12 | SINK | ExampleConfiguration | false | tst.js:191:9:191:12 | SINK | -| tst.js:191:14:191:14 | v | ExampleConfiguration | false | tst.js:191:14:191:14 | v | -| tst.js:193:9:193:12 | SINK | ExampleConfiguration | false | tst.js:193:9:193:12 | SINK | -| tst.js:193:14:193:14 | v | ExampleConfiguration | false | tst.js:193:14:193:14 | v | -| tst.js:199:13:199:18 | SOURCE | ExampleConfiguration | false | tst.js:199:13:199:18 | SOURCE | -| tst.js:200:5:200:8 | SINK | ExampleConfiguration | false | tst.js:200:5:200:8 | SINK | -| tst.js:200:10:200:10 | v | ExampleConfiguration | false | 
tst.js:200:10:200:10 | v | -| tst.js:202:9:202:9 | o | ExampleConfiguration | false | tst.js:202:9:202:9 | o | | tst.js:202:9:202:26 | o.indexOf(v) <= -1 | ExampleConfiguration | false | tst.js:202:19:202:19 | v | -| tst.js:202:19:202:19 | v | ExampleConfiguration | false | tst.js:202:19:202:19 | v | -| tst.js:203:9:203:12 | SINK | ExampleConfiguration | false | tst.js:203:9:203:12 | SINK | -| tst.js:203:14:203:14 | v | ExampleConfiguration | false | tst.js:203:14:203:14 | v | -| tst.js:205:9:205:12 | SINK | ExampleConfiguration | false | tst.js:205:9:205:12 | SINK | -| tst.js:205:14:205:14 | v | ExampleConfiguration | false | tst.js:205:14:205:14 | v | -| tst.js:208:9:208:9 | o | ExampleConfiguration | false | tst.js:208:9:208:9 | o | | tst.js:208:9:208:25 | o.indexOf(v) >= 0 | ExampleConfiguration | true | tst.js:208:19:208:19 | v | -| tst.js:208:19:208:19 | v | ExampleConfiguration | false | tst.js:208:19:208:19 | v | -| tst.js:209:9:209:12 | SINK | ExampleConfiguration | false | tst.js:209:9:209:12 | SINK | -| tst.js:209:14:209:14 | v | ExampleConfiguration | false | tst.js:209:14:209:14 | v | -| tst.js:211:9:211:12 | SINK | ExampleConfiguration | false | tst.js:211:9:211:12 | SINK | -| tst.js:211:14:211:14 | v | ExampleConfiguration | false | tst.js:211:14:211:14 | v | -| tst.js:214:9:214:9 | o | ExampleConfiguration | false | tst.js:214:9:214:9 | o | | tst.js:214:9:214:24 | o.indexOf(v) < 0 | ExampleConfiguration | false | tst.js:214:19:214:19 | v | -| tst.js:214:19:214:19 | v | ExampleConfiguration | false | tst.js:214:19:214:19 | v | -| tst.js:215:9:215:12 | SINK | ExampleConfiguration | false | tst.js:215:9:215:12 | SINK | -| tst.js:215:14:215:14 | v | ExampleConfiguration | false | tst.js:215:14:215:14 | v | -| tst.js:217:9:217:12 | SINK | ExampleConfiguration | false | tst.js:217:9:217:12 | SINK | -| tst.js:217:14:217:14 | v | ExampleConfiguration | false | tst.js:217:14:217:14 | v | -| tst.js:220:9:220:9 | o | ExampleConfiguration | false | 
tst.js:220:9:220:9 | o | | tst.js:220:9:220:25 | o.indexOf(v) > -1 | ExampleConfiguration | true | tst.js:220:19:220:19 | v | -| tst.js:220:19:220:19 | v | ExampleConfiguration | false | tst.js:220:19:220:19 | v | -| tst.js:221:9:221:12 | SINK | ExampleConfiguration | false | tst.js:221:9:221:12 | SINK | -| tst.js:221:14:221:14 | v | ExampleConfiguration | false | tst.js:221:14:221:14 | v | -| tst.js:223:9:223:12 | SINK | ExampleConfiguration | false | tst.js:223:9:223:12 | SINK | -| tst.js:223:14:223:14 | v | ExampleConfiguration | false | tst.js:223:14:223:14 | v | | tst.js:226:9:226:26 | -1 >= o.indexOf(v) | ExampleConfiguration | false | tst.js:226:25:226:25 | v | -| tst.js:226:15:226:15 | o | ExampleConfiguration | false | tst.js:226:15:226:15 | o | -| tst.js:226:25:226:25 | v | ExampleConfiguration | false | tst.js:226:25:226:25 | v | -| tst.js:227:9:227:12 | SINK | ExampleConfiguration | false | tst.js:227:9:227:12 | SINK | -| tst.js:227:14:227:14 | v | ExampleConfiguration | false | tst.js:227:14:227:14 | v | -| tst.js:229:9:229:12 | SINK | ExampleConfiguration | false | tst.js:229:9:229:12 | SINK | -| tst.js:229:14:229:14 | v | ExampleConfiguration | false | tst.js:229:14:229:14 | v | -| tst.js:235:13:235:18 | SOURCE | ExampleConfiguration | false | tst.js:235:13:235:18 | SOURCE | -| tst.js:236:9:236:21 | isWhitelisted | ExampleConfiguration | false | tst.js:236:9:236:21 | isWhitelisted | | tst.js:236:9:236:24 | isWhitelisted(v) | ExampleConfiguration | true | tst.js:236:23:236:23 | v | -| tst.js:236:23:236:23 | v | ExampleConfiguration | false | tst.js:236:23:236:23 | v | -| tst.js:237:9:237:12 | SINK | ExampleConfiguration | false | tst.js:237:9:237:12 | SINK | -| tst.js:237:14:237:14 | v | ExampleConfiguration | false | tst.js:237:14:237:14 | v | -| tst.js:239:9:239:12 | SINK | ExampleConfiguration | false | tst.js:239:9:239:12 | SINK | -| tst.js:239:14:239:14 | v | ExampleConfiguration | false | tst.js:239:14:239:14 | v | -| tst.js:240:9:240:14 | 
config | ExampleConfiguration | false | tst.js:240:9:240:14 | config | | tst.js:240:9:240:28 | config.allowValue(v) | ExampleConfiguration | true | tst.js:240:27:240:27 | v | -| tst.js:240:27:240:27 | v | ExampleConfiguration | false | tst.js:240:27:240:27 | v | -| tst.js:241:9:241:12 | SINK | ExampleConfiguration | false | tst.js:241:9:241:12 | SINK | -| tst.js:241:14:241:14 | v | ExampleConfiguration | false | tst.js:241:14:241:14 | v | -| tst.js:243:9:243:12 | SINK | ExampleConfiguration | false | tst.js:243:9:243:12 | SINK | -| tst.js:243:14:243:14 | v | ExampleConfiguration | false | tst.js:243:14:243:14 | v | -| tst.js:248:13:248:18 | SOURCE | ExampleConfiguration | false | tst.js:248:13:248:18 | SOURCE | -| tst.js:249:5:249:8 | SINK | ExampleConfiguration | false | tst.js:249:5:249:8 | SINK | -| tst.js:249:10:249:10 | v | ExampleConfiguration | false | tst.js:249:10:249:10 | v | -| tst.js:252:16:252:24 | whitelist | ExampleConfiguration | false | tst.js:252:16:252:24 | whitelist | | tst.js:252:16:252:36 | whiteli ... ains(x) | ExampleConfiguration | true | tst.js:252:35:252:35 | x | -| tst.js:252:35:252:35 | x | ExampleConfiguration | false | tst.js:252:35:252:35 | x | -| tst.js:254:9:254:9 | f | ExampleConfiguration | false | tst.js:254:9:254:9 | f | -| tst.js:254:11:254:11 | v | ExampleConfiguration | false | tst.js:254:11:254:11 | v | -| tst.js:255:9:255:12 | SINK | ExampleConfiguration | false | tst.js:255:9:255:12 | SINK | -| tst.js:255:14:255:14 | v | ExampleConfiguration | false | tst.js:255:14:255:14 | v | -| tst.js:257:9:257:12 | SINK | ExampleConfiguration | false | tst.js:257:9:257:12 | SINK | -| tst.js:257:14:257:14 | v | ExampleConfiguration | false | tst.js:257:14:257:14 | v | -| tst.js:261:25:261:33 | whitelist | ExampleConfiguration | false | tst.js:261:25:261:33 | whitelist | | tst.js:261:25:261:45 | whiteli ... 
ains(y) | ExampleConfiguration | true | tst.js:261:44:261:44 | y | -| tst.js:261:44:261:44 | y | ExampleConfiguration | false | tst.js:261:44:261:44 | y | -| tst.js:262:16:262:24 | sanitized | ExampleConfiguration | false | tst.js:262:16:262:24 | sanitized | -| tst.js:264:9:264:9 | g | ExampleConfiguration | false | tst.js:264:9:264:9 | g | -| tst.js:264:11:264:11 | v | ExampleConfiguration | false | tst.js:264:11:264:11 | v | -| tst.js:265:9:265:12 | SINK | ExampleConfiguration | false | tst.js:265:9:265:12 | SINK | -| tst.js:265:14:265:14 | v | ExampleConfiguration | false | tst.js:265:14:265:14 | v | -| tst.js:267:9:267:12 | SINK | ExampleConfiguration | false | tst.js:267:9:267:12 | SINK | -| tst.js:267:14:267:14 | v | ExampleConfiguration | false | tst.js:267:14:267:14 | v | -| tst.js:271:25:271:33 | whitelist | ExampleConfiguration | false | tst.js:271:25:271:33 | whitelist | | tst.js:271:25:271:45 | whiteli ... ains(z) | ExampleConfiguration | true | tst.js:271:44:271:44 | z | -| tst.js:271:44:271:44 | z | ExampleConfiguration | false | tst.js:271:44:271:44 | z | -| tst.js:272:16:272:28 | somethingElse | ExampleConfiguration | false | tst.js:272:16:272:28 | somethingElse | -| tst.js:274:9:274:9 | h | ExampleConfiguration | false | tst.js:274:9:274:9 | h | -| tst.js:274:11:274:11 | v | ExampleConfiguration | false | tst.js:274:11:274:11 | v | -| tst.js:275:9:275:12 | SINK | ExampleConfiguration | false | tst.js:275:9:275:12 | SINK | -| tst.js:275:14:275:14 | v | ExampleConfiguration | false | tst.js:275:14:275:14 | v | -| tst.js:277:9:277:12 | SINK | ExampleConfiguration | false | tst.js:277:9:277:12 | SINK | -| tst.js:277:14:277:14 | v | ExampleConfiguration | false | tst.js:277:14:277:14 | v | -| tst.js:281:16:281:17 | x2 | ExampleConfiguration | false | tst.js:281:16:281:17 | x2 | | tst.js:281:16:281:25 | x2 != null | ExampleConfiguration | false | tst.js:281:16:281:17 | x2 | | tst.js:281:16:281:25 | x2 != null | ExampleConfiguration | false | 
tst.js:281:22:281:25 | null | -| tst.js:281:30:281:38 | whitelist | ExampleConfiguration | false | tst.js:281:30:281:38 | whitelist | | tst.js:281:30:281:51 | whiteli ... ins(x2) | ExampleConfiguration | true | tst.js:281:49:281:50 | x2 | -| tst.js:281:49:281:50 | x2 | ExampleConfiguration | false | tst.js:281:49:281:50 | x2 | -| tst.js:283:9:283:10 | f2 | ExampleConfiguration | false | tst.js:283:9:283:10 | f2 | -| tst.js:283:12:283:12 | v | ExampleConfiguration | false | tst.js:283:12:283:12 | v | -| tst.js:284:9:284:12 | SINK | ExampleConfiguration | false | tst.js:284:9:284:12 | SINK | -| tst.js:284:14:284:14 | v | ExampleConfiguration | false | tst.js:284:14:284:14 | v | -| tst.js:286:9:286:12 | SINK | ExampleConfiguration | false | tst.js:286:9:286:12 | SINK | -| tst.js:286:14:286:14 | v | ExampleConfiguration | false | tst.js:286:14:286:14 | v | -| tst.js:290:16:290:17 | x3 | ExampleConfiguration | false | tst.js:290:16:290:17 | x3 | | tst.js:290:16:290:25 | x3 == null | ExampleConfiguration | true | tst.js:290:16:290:17 | x3 | | tst.js:290:16:290:25 | x3 == null | ExampleConfiguration | true | tst.js:290:22:290:25 | null | -| tst.js:290:30:290:38 | whitelist | ExampleConfiguration | false | tst.js:290:30:290:38 | whitelist | | tst.js:290:30:290:51 | whiteli ... 
ins(x3) | ExampleConfiguration | true | tst.js:290:49:290:50 | x3 | -| tst.js:290:49:290:50 | x3 | ExampleConfiguration | false | tst.js:290:49:290:50 | x3 | -| tst.js:292:9:292:10 | f3 | ExampleConfiguration | false | tst.js:292:9:292:10 | f3 | -| tst.js:292:12:292:12 | v | ExampleConfiguration | false | tst.js:292:12:292:12 | v | -| tst.js:293:9:293:12 | SINK | ExampleConfiguration | false | tst.js:293:9:293:12 | SINK | -| tst.js:293:14:293:14 | v | ExampleConfiguration | false | tst.js:293:14:293:14 | v | -| tst.js:295:9:295:12 | SINK | ExampleConfiguration | false | tst.js:295:9:295:12 | SINK | -| tst.js:295:14:295:14 | v | ExampleConfiguration | false | tst.js:295:14:295:14 | v | -| tst.js:299:17:299:25 | whitelist | ExampleConfiguration | false | tst.js:299:17:299:25 | whitelist | | tst.js:299:17:299:38 | whiteli ... ins(x4) | ExampleConfiguration | true | tst.js:299:36:299:37 | x4 | -| tst.js:299:36:299:37 | x4 | ExampleConfiguration | false | tst.js:299:36:299:37 | x4 | -| tst.js:301:9:301:10 | f4 | ExampleConfiguration | false | tst.js:301:9:301:10 | f4 | -| tst.js:301:12:301:12 | v | ExampleConfiguration | false | tst.js:301:12:301:12 | v | -| tst.js:302:9:302:12 | SINK | ExampleConfiguration | false | tst.js:302:9:302:12 | SINK | -| tst.js:302:14:302:14 | v | ExampleConfiguration | false | tst.js:302:14:302:14 | v | -| tst.js:304:9:304:12 | SINK | ExampleConfiguration | false | tst.js:304:9:304:12 | SINK | -| tst.js:304:14:304:14 | v | ExampleConfiguration | false | tst.js:304:14:304:14 | v | -| tst.js:308:18:308:26 | whitelist | ExampleConfiguration | false | tst.js:308:18:308:26 | whitelist | | tst.js:308:18:308:39 | whiteli ... 
ins(x5) | ExampleConfiguration | true | tst.js:308:37:308:38 | x5 | -| tst.js:308:37:308:38 | x5 | ExampleConfiguration | false | tst.js:308:37:308:38 | x5 | -| tst.js:310:9:310:10 | f5 | ExampleConfiguration | false | tst.js:310:9:310:10 | f5 | -| tst.js:310:12:310:12 | v | ExampleConfiguration | false | tst.js:310:12:310:12 | v | -| tst.js:311:9:311:12 | SINK | ExampleConfiguration | false | tst.js:311:9:311:12 | SINK | -| tst.js:311:14:311:14 | v | ExampleConfiguration | false | tst.js:311:14:311:14 | v | -| tst.js:313:9:313:12 | SINK | ExampleConfiguration | false | tst.js:313:9:313:12 | SINK | -| tst.js:313:14:313:14 | v | ExampleConfiguration | false | tst.js:313:14:313:14 | v | -| tst.js:317:26:317:34 | whitelist | ExampleConfiguration | false | tst.js:317:26:317:34 | whitelist | | tst.js:317:26:317:47 | whiteli ... ins(x6) | ExampleConfiguration | true | tst.js:317:45:317:46 | x6 | -| tst.js:317:45:317:46 | x6 | ExampleConfiguration | false | tst.js:317:45:317:46 | x6 | -| tst.js:318:17:318:25 | sanitized | ExampleConfiguration | false | tst.js:318:17:318:25 | sanitized | -| tst.js:320:9:320:10 | f6 | ExampleConfiguration | false | tst.js:320:9:320:10 | f6 | -| tst.js:320:12:320:12 | v | ExampleConfiguration | false | tst.js:320:12:320:12 | v | -| tst.js:321:9:321:12 | SINK | ExampleConfiguration | false | tst.js:321:9:321:12 | SINK | -| tst.js:321:14:321:14 | v | ExampleConfiguration | false | tst.js:321:14:321:14 | v | -| tst.js:323:9:323:12 | SINK | ExampleConfiguration | false | tst.js:323:9:323:12 | SINK | -| tst.js:323:14:323:14 | v | ExampleConfiguration | false | tst.js:323:14:323:14 | v | -| tst.js:327:25:327:26 | x7 | ExampleConfiguration | false | tst.js:327:25:327:26 | x7 | | tst.js:327:25:327:34 | x7 != null | ExampleConfiguration | false | tst.js:327:25:327:26 | x7 | | tst.js:327:25:327:34 | x7 != null | ExampleConfiguration | false | tst.js:327:31:327:34 | null | -| tst.js:327:39:327:47 | whitelist | ExampleConfiguration | false | 
tst.js:327:39:327:47 | whitelist | | tst.js:327:39:327:60 | whiteli ... ins(x7) | ExampleConfiguration | true | tst.js:327:58:327:59 | x7 | -| tst.js:327:58:327:59 | x7 | ExampleConfiguration | false | tst.js:327:58:327:59 | x7 | -| tst.js:328:16:328:24 | sanitized | ExampleConfiguration | false | tst.js:328:16:328:24 | sanitized | -| tst.js:330:9:330:10 | f7 | ExampleConfiguration | false | tst.js:330:9:330:10 | f7 | -| tst.js:330:12:330:12 | v | ExampleConfiguration | false | tst.js:330:12:330:12 | v | -| tst.js:331:9:331:12 | SINK | ExampleConfiguration | false | tst.js:331:9:331:12 | SINK | -| tst.js:331:14:331:14 | v | ExampleConfiguration | false | tst.js:331:14:331:14 | v | -| tst.js:333:9:333:12 | SINK | ExampleConfiguration | false | tst.js:333:9:333:12 | SINK | -| tst.js:333:14:333:14 | v | ExampleConfiguration | false | tst.js:333:14:333:14 | v | -| tst.js:337:25:337:33 | whitelist | ExampleConfiguration | false | tst.js:337:25:337:33 | whitelist | | tst.js:337:25:337:46 | whiteli ... 
ins(x8) | ExampleConfiguration | true | tst.js:337:44:337:45 | x8 | -| tst.js:337:44:337:45 | x8 | ExampleConfiguration | false | tst.js:337:44:337:45 | x8 | -| tst.js:338:16:338:17 | x8 | ExampleConfiguration | false | tst.js:338:16:338:17 | x8 | | tst.js:338:16:338:25 | x8 != null | ExampleConfiguration | false | tst.js:338:16:338:17 | x8 | | tst.js:338:16:338:25 | x8 != null | ExampleConfiguration | false | tst.js:338:22:338:25 | null | -| tst.js:338:30:338:38 | sanitized | ExampleConfiguration | false | tst.js:338:30:338:38 | sanitized | -| tst.js:340:9:340:10 | f8 | ExampleConfiguration | false | tst.js:340:9:340:10 | f8 | -| tst.js:340:12:340:12 | v | ExampleConfiguration | false | tst.js:340:12:340:12 | v | -| tst.js:341:9:341:12 | SINK | ExampleConfiguration | false | tst.js:341:9:341:12 | SINK | -| tst.js:341:14:341:14 | v | ExampleConfiguration | false | tst.js:341:14:341:14 | v | -| tst.js:343:9:343:12 | SINK | ExampleConfiguration | false | tst.js:343:9:343:12 | SINK | -| tst.js:343:14:343:14 | v | ExampleConfiguration | false | tst.js:343:14:343:14 | v | -| tst.js:347:16:347:22 | unknown | ExampleConfiguration | false | tst.js:347:16:347:22 | unknown | -| tst.js:347:29:347:37 | whitelist | ExampleConfiguration | false | tst.js:347:29:347:37 | whitelist | | tst.js:347:29:347:50 | whiteli ... 
ins(x9) | ExampleConfiguration | true | tst.js:347:48:347:49 | x9 | -| tst.js:347:48:347:49 | x9 | ExampleConfiguration | false | tst.js:347:48:347:49 | x9 | -| tst.js:347:55:347:61 | unknown | ExampleConfiguration | false | tst.js:347:55:347:61 | unknown | -| tst.js:349:9:349:10 | f9 | ExampleConfiguration | false | tst.js:349:9:349:10 | f9 | -| tst.js:349:12:349:12 | v | ExampleConfiguration | false | tst.js:349:12:349:12 | v | -| tst.js:350:9:350:12 | SINK | ExampleConfiguration | false | tst.js:350:9:350:12 | SINK | -| tst.js:350:14:350:14 | v | ExampleConfiguration | false | tst.js:350:14:350:14 | v | -| tst.js:352:9:352:12 | SINK | ExampleConfiguration | false | tst.js:352:9:352:12 | SINK | -| tst.js:352:14:352:14 | v | ExampleConfiguration | false | tst.js:352:14:352:14 | v | -| tst.js:356:16:356:18 | x10 | ExampleConfiguration | false | tst.js:356:16:356:18 | x10 | | tst.js:356:16:356:27 | x10 !== null | ExampleConfiguration | false | tst.js:356:16:356:18 | x10 | | tst.js:356:16:356:27 | x10 !== null | ExampleConfiguration | false | tst.js:356:24:356:27 | null | -| tst.js:356:32:356:34 | x10 | ExampleConfiguration | false | tst.js:356:32:356:34 | x10 | | tst.js:356:32:356:48 | x10 !== undefined | ExampleConfiguration | false | tst.js:356:32:356:34 | x10 | | tst.js:356:32:356:48 | x10 !== undefined | ExampleConfiguration | false | tst.js:356:40:356:48 | undefined | -| tst.js:356:40:356:48 | undefined | ExampleConfiguration | false | tst.js:356:40:356:48 | undefined | -| tst.js:358:9:358:11 | f10 | ExampleConfiguration | false | tst.js:358:9:358:11 | f10 | -| tst.js:358:13:358:13 | v | ExampleConfiguration | false | tst.js:358:13:358:13 | v | -| tst.js:359:9:359:12 | SINK | ExampleConfiguration | false | tst.js:359:9:359:12 | SINK | -| tst.js:359:14:359:14 | v | ExampleConfiguration | false | tst.js:359:14:359:14 | v | -| tst.js:361:9:361:12 | SINK | ExampleConfiguration | false | tst.js:361:9:361:12 | SINK | -| tst.js:361:14:361:14 | v | ExampleConfiguration 
| false | tst.js:361:14:361:14 | v | -| tst.js:367:13:367:18 | SOURCE | ExampleConfiguration | false | tst.js:367:13:367:18 | SOURCE | -| tst.js:368:5:368:8 | SINK | ExampleConfiguration | false | tst.js:368:5:368:8 | SINK | -| tst.js:368:10:368:10 | o | ExampleConfiguration | false | tst.js:368:10:368:10 | o | -| tst.js:370:9:370:9 | o | ExampleConfiguration | false | tst.js:370:9:370:9 | o | | tst.js:370:9:370:29 | o.p == ... listed" | ExampleConfiguration | true | tst.js:370:9:370:11 | o.p | -| tst.js:371:9:371:12 | SINK | ExampleConfiguration | false | tst.js:371:9:371:12 | SINK | -| tst.js:371:14:371:14 | o | ExampleConfiguration | false | tst.js:371:14:371:14 | o | -| tst.js:373:9:373:12 | SINK | ExampleConfiguration | false | tst.js:373:9:373:12 | SINK | -| tst.js:373:14:373:14 | o | ExampleConfiguration | false | tst.js:373:14:373:14 | o | -| tst.js:376:19:376:19 | o | ExampleConfiguration | false | tst.js:376:19:376:19 | o | -| tst.js:377:11:377:11 | o | ExampleConfiguration | false | tst.js:377:11:377:11 | o | | tst.js:377:11:377:32 | o[p] == ... 
listed" | ExampleConfiguration | true | tst.js:377:11:377:14 | o[p] | -| tst.js:377:13:377:13 | p | ExampleConfiguration | false | tst.js:377:13:377:13 | p | -| tst.js:378:9:378:12 | SINK | ExampleConfiguration | false | tst.js:378:9:378:12 | SINK | -| tst.js:378:14:378:14 | o | ExampleConfiguration | false | tst.js:378:14:378:14 | o | -| tst.js:378:16:378:16 | p | ExampleConfiguration | false | tst.js:378:16:378:16 | p | -| tst.js:379:9:379:9 | p | ExampleConfiguration | false | tst.js:379:9:379:9 | p | -| tst.js:379:13:379:25 | somethingElse | ExampleConfiguration | false | tst.js:379:13:379:25 | somethingElse | -| tst.js:380:9:380:12 | SINK | ExampleConfiguration | false | tst.js:380:9:380:12 | SINK | -| tst.js:380:14:380:14 | o | ExampleConfiguration | false | tst.js:380:14:380:14 | o | -| tst.js:380:16:380:16 | p | ExampleConfiguration | false | tst.js:380:16:380:16 | p | -| tst.js:382:9:382:12 | SINK | ExampleConfiguration | false | tst.js:382:9:382:12 | SINK | -| tst.js:382:14:382:14 | o | ExampleConfiguration | false | tst.js:382:14:382:14 | o | -| tst.js:382:16:382:16 | p | ExampleConfiguration | false | tst.js:382:16:382:16 | p | From 2d437efdfd0febae32cd9641ff9202624fd8e4d1 Mon Sep 17 00:00:00 2001 From: Erik Krogh Kristensen Date: Thu, 20 Feb 2020 09:54:11 +0100 Subject: [PATCH 7/8] corrections on qldoc Co-Authored-By: Asger F --- .../ql/src/semmle/javascript/dataflow/Configuration.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll index 0cba3157ba9..28c7a62fb4f 100644 --- a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll +++ b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll 
@@ -1482,8 +1482,8 @@ private class AdditionalBarrierGuardCall extends AdditionalBarrierGuardNode, Dat } /** - * A check of the form `if(x)`, which sanitizes `x` in its "else" branch. - * Can be added to a `isBarrier` in a configuration to add the sanitization. + * A guard node for a variable in a negative condition, such as `x` in `if(!x)`. + * Can be added to a `isBarrier` in a data-flow configuration to block flow through such checks. */ class VarAccessBarrier extends DataFlow::Node { VarAccessBarrier() { From 80962803b0fb1b4ab975a4d535be1bb14f65e2e1 Mon Sep 17 00:00:00 2001 From: Erik Krogh Kristensen Date: Thu, 20 Feb 2020 10:09:32 +0100 Subject: [PATCH 8/8] update doc for VarAccessBarrier, and make the class private --- .../security/dataflow/TaintedPathCustomizations.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll index 62e42b1963a..69d86f2ac91 100644 --- a/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll +++ b/javascript/ql/src/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll @@ -356,9 +356,9 @@ module TaintedPath { } /** - * A check of the form `if(x)`, which sanitizes `x` in its "else" branch. + * A guard node for a variable in a negative condition, such as `x` in `if(!x)`. */ - class VarAccessBarrier extends Sanitizer, DataFlow::VarAccessBarrier { } + private class VarAccessBarrier extends Sanitizer, DataFlow::VarAccessBarrier { } /** * A source of remote user input, considered as a flow source for
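Review bot: The new qldoc describes `VarAccessBarrier` as "a guard node", but the declaration on the next line is `class VarAccessBarrier extends DataFlow::Node` and the comment itself directs users to `isBarrier` rather than `isBarrierGuard`, so the term sends a reader to the wrong extension point. What the class appears to model, going by the removed text ("sanitizes `x` in its else branch") and the new `if(!x)` example, is the variable access itself on a path where its value is known to be falsy, and the reason that is sound to treat as a barrier is that a falsy value (`undefined`, `null`, the empty string, `0`) cannot carry attacker-controlled content such as a path segment or a property name; the constructor that selects those accesses continues outside the hunk, so this reading should be confirmed against it. Suggested wording: `A data-flow node for a variable access whose value is known to be falsy because of an enclosing condition, such as x in the then-branch of if(!x) or the else-branch of if(x). Add it to the isBarrier predicate of a data-flow configuration to stop tracking through such accesses: a falsy value cannot hold injected content.` The same sentence is reused for the `Sanitizer` registration in the `TaintedPathCustomizations.qll` hunk of PATCH 8/8 below and should be adjusted there in the same way, and "a `isBarrier`" should read "an `isBarrier` predicate" in both places.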