hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17213 from asgerf/jss/spread-argument

Browse Source 
JS: Improve handling of spread arguments and rest parameters [shared data flow branch]
This commit is contained in:
Asger F
2024-09-09 13:15:22 +02:00
committed by GitHub
parent 2adaf0f935 fb9732a33f
commit 094112c905
52 changed files with 1257 additions and 330 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/test/library-tests/Arrays/DataFlow.expected
View File

@@ -1,11 +1,11 @@
legacyDataFlowDifference
| arrays.js:2:16:2:23 | "source" | arrays.js:39:8:39:24 | arr4_spread.pop() | only flow with OLD data flow library |
flow
| arrays.js:2:16:2:23 | "source" | arrays.js:5:8:5:14 | obj.foo |
| arrays.js:2:16:2:23 | "source" | arrays.js:11:10:11:15 | arr[i] |
| arrays.js:2:16:2:23 | "source" | arrays.js:15:27:15:27 | e |
| arrays.js:2:16:2:23 | "source" | arrays.js:16:23:16:23 | e |
| arrays.js:2:16:2:23 | "source" | arrays.js:20:8:20:16 | arr.pop() |
| arrays.js:2:16:2:23 | "source" | arrays.js:39:8:39:24 | arr4_spread.pop() |
| arrays.js:2:16:2:23 | "source" | arrays.js:61:10:61:10 | x |
| arrays.js:2:16:2:23 | "source" | arrays.js:65:10:65:10 | x |
| arrays.js:2:16:2:23 | "source" | arrays.js:69:10:69:10 | x |
@@ -24,3 +24,5 @@ flow
| arrays.js:29:21:29:28 | "source" | arrays.js:50:8:50:17 | arr6.pop() |
| arrays.js:33:37:33:44 | "source" | arrays.js:35:8:35:25 | arr4_variant.pop() |
| arrays.js:53:4:53:11 | "source" | arrays.js:54:10:54:18 | ary.pop() |
| arrays.js:96:9:96:16 | "source" | arrays.js:96:8:96:40 | ["sourc ... ).pop() |
| arrays.js:97:9:97:16 | "source" | arrays.js:97:8:97:42 | ["sourc ... ).pop() |

7
javascript/ql/test/library-tests/Arrays/TaintFlow.expected
View File

@@ -1,11 +1,11 @@
legacyDataFlowDifference
| arrays.js:2:16:2:23 | "source" | arrays.js:39:8:39:24 | arr4_spread.pop() | only flow with OLD data flow library |
flow
| arrays.js:2:16:2:23 | "source" | arrays.js:5:8:5:14 | obj.foo |
| arrays.js:2:16:2:23 | "source" | arrays.js:11:10:11:15 | arr[i] |
| arrays.js:2:16:2:23 | "source" | arrays.js:15:27:15:27 | e |
| arrays.js:2:16:2:23 | "source" | arrays.js:16:23:16:23 | e |
| arrays.js:2:16:2:23 | "source" | arrays.js:20:8:20:16 | arr.pop() |
| arrays.js:2:16:2:23 | "source" | arrays.js:39:8:39:24 | arr4_spread.pop() |
| arrays.js:2:16:2:23 | "source" | arrays.js:58:8:58:13 | arr[0] |
| arrays.js:2:16:2:23 | "source" | arrays.js:61:10:61:10 | x |
| arrays.js:2:16:2:23 | "source" | arrays.js:65:10:65:10 | x |
@@ -26,5 +26,6 @@ flow
| arrays.js:33:37:33:44 | "source" | arrays.js:35:8:35:25 | arr4_variant.pop() |
| arrays.js:53:4:53:11 | "source" | arrays.js:54:10:54:18 | ary.pop() |
| arrays.js:53:4:53:11 | "source" | arrays.js:55:10:55:12 | ary |
| arrays.js:95:9:95:16 | "source" | arrays.js:95:8:95:34 | ["sourc ... ) => x) |
| arrays.js:96:9:96:16 | "source" | arrays.js:96:8:96:36 | ["sourc ... => !!x) |
| arrays.js:95:9:95:16 | "source" | arrays.js:95:8:95:17 | ["source"] |
| arrays.js:96:9:96:16 | "source" | arrays.js:96:8:96:40 | ["sourc ... ).pop() |
| arrays.js:97:9:97:16 | "source" | arrays.js:97:8:97:42 | ["sourc ... ).pop() |

6
javascript/ql/test/library-tests/Arrays/arrays.js
View File

@@ -92,6 +92,8 @@
sink(arr.at(-1)); // NOT OK
sink(["source"].filter((x) => x)); // NOT OK
sink(["source"].filter((x) => !!x)); // NOT OK
sink(["source"]); // OK - for now, array element do not taint the entire array
sink(["source"].filter((x) => x).pop()); // NOT OK
sink(["source"].filter((x) => !!x).pop()); // NOT OK
});

372
javascript/ql/test/library-tests/Arrays/printAst.expected
View File

@@ -1,9 +1,9 @@
nodes
| arrays.js:1:1:97:2 | [ParExpr] (functi ... T OK }) | semmle.label | [ParExpr] (functi ... T OK }) |
| arrays.js:1:1:97:3 | [ExprStmt] (functi ... OK }); | semmle.label | [ExprStmt] (functi ... OK }); |
| arrays.js:1:1:97:3 | [ExprStmt] (functi ... OK }); | semmle.order | 1 |
| arrays.js:1:2:97:1 | [FunctionExpr] functio ... OT OK } | semmle.label | [FunctionExpr] functio ... OT OK } |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | semmle.label | [BlockStmt] { let ... OT OK } |
| arrays.js:1:1:99:2 | [ParExpr] (functi ... OK }) | semmle.label | [ParExpr] (functi ... OK }) |
| arrays.js:1:1:99:3 | [ExprStmt] (functi ... OK }); | semmle.label | [ExprStmt] (functi ... OK }); |
| arrays.js:1:1:99:3 | [ExprStmt] (functi ... OK }); | semmle.order | 1 |
| arrays.js:1:2:99:1 | [FunctionExpr] functio ... T OK } | semmle.label | [FunctionExpr] functio ... T OK } |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | semmle.label | [BlockStmt] { let ... T OK } |
| arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.label | [DeclStmt] let source = ... |
| arrays.js:2:7:2:12 | [VarDecl] source | semmle.label | [VarDecl] source |
| arrays.js:2:7:2:23 | [VariableDeclarator] source = "source" | semmle.label | [VariableDeclarator] source = "source" |
@@ -394,29 +394,41 @@ nodes
| arrays.js:93:15:93:16 | [UnaryExpr] -1 | semmle.label | [UnaryExpr] -1 |
| arrays.js:93:16:93:16 | [Literal] 1 | semmle.label | [Literal] 1 |
| arrays.js:95:3:95:6 | [VarRef] sink | semmle.label | [VarRef] sink |
| arrays.js:95:3:95:35 | [CallExpr] sink([" ... => x)) | semmle.label | [CallExpr] sink([" ... => x)) |
| arrays.js:95:3:95:36 | [ExprStmt] sink([" ... => x)); | semmle.label | [ExprStmt] sink([" ... => x)); |
| arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | semmle.label | [CallExpr] sink(["source"]) |
| arrays.js:95:3:95:19 | [ExprStmt] sink(["source"]); | semmle.label | [ExprStmt] sink(["source"]); |
| arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | semmle.label | [ArrayExpr] ["source"] |
| arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | semmle.label | [DotExpr] ["source"].filter |
| arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... ) => x) | semmle.label | [MethodCallExpr] ["sourc ... ) => x) |
| arrays.js:95:9:95:16 | [Literal] "source" | semmle.label | [Literal] "source" |
| arrays.js:95:19:95:24 | [Label] filter | semmle.label | [Label] filter |
| arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | semmle.label | [ArrowFunctionExpr] (x) => x |
| arrays.js:95:27:95:27 | [SimpleParameter] x | semmle.label | [SimpleParameter] x |
| arrays.js:95:33:95:33 | [VarRef] x | semmle.label | [VarRef] x |
| arrays.js:96:3:96:6 | [VarRef] sink | semmle.label | [VarRef] sink |
| arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | semmle.label | [CallExpr] sink([" ... > !!x)) |
| arrays.js:96:3:96:38 | [ExprStmt] sink([" ... !!x)); | semmle.label | [ExprStmt] sink([" ... !!x)); |
| arrays.js:96:3:96:41 | [CallExpr] sink([" ... .pop()) | semmle.label | [CallExpr] sink([" ... .pop()) |
| arrays.js:96:3:96:42 | [ExprStmt] sink([" ... pop()); | semmle.label | [ExprStmt] sink([" ... pop()); |
| arrays.js:96:8:96:17 | [ArrayExpr] ["source"] | semmle.label | [ArrayExpr] ["source"] |
| arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | semmle.label | [DotExpr] ["source"].filter |
| arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... => !!x) | semmle.label | [MethodCallExpr] ["sourc ... => !!x) |
| arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | semmle.label | [MethodCallExpr] ["sourc ... ) => x) |
| arrays.js:96:8:96:38 | [DotExpr] ["sourc ... x).pop | semmle.label | [DotExpr] ["sourc ... x).pop |
| arrays.js:96:8:96:40 | [MethodCallExpr] ["sourc ... ).pop() | semmle.label | [MethodCallExpr] ["sourc ... ).pop() |
| arrays.js:96:9:96:16 | [Literal] "source" | semmle.label | [Literal] "source" |
| arrays.js:96:19:96:24 | [Label] filter | semmle.label | [Label] filter |
| arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | semmle.label | [ArrowFunctionExpr] (x) => !!x |
| arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | semmle.label | [ArrowFunctionExpr] (x) => x |
| arrays.js:96:27:96:27 | [SimpleParameter] x | semmle.label | [SimpleParameter] x |
| arrays.js:96:33:96:35 | [UnaryExpr] !!x | semmle.label | [UnaryExpr] !!x |
| arrays.js:96:34:96:35 | [UnaryExpr] !x | semmle.label | [UnaryExpr] !x |
| arrays.js:96:35:96:35 | [VarRef] x | semmle.label | [VarRef] x |
| arrays.js:96:33:96:33 | [VarRef] x | semmle.label | [VarRef] x |
| arrays.js:96:36:96:38 | [Label] pop | semmle.label | [Label] pop |
| arrays.js:97:3:97:6 | [VarRef] sink | semmle.label | [VarRef] sink |
| arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | semmle.label | [CallExpr] sink([" ... .pop()) |
| arrays.js:97:3:97:44 | [ExprStmt] sink([" ... pop()); | semmle.label | [ExprStmt] sink([" ... pop()); |
| arrays.js:97:8:97:17 | [ArrayExpr] ["source"] | semmle.label | [ArrayExpr] ["source"] |
| arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | semmle.label | [DotExpr] ["source"].filter |
| arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... => !!x) | semmle.label | [MethodCallExpr] ["sourc ... => !!x) |
| arrays.js:97:8:97:40 | [DotExpr] ["sourc ... !x).pop | semmle.label | [DotExpr] ["sourc ... !x).pop |
| arrays.js:97:8:97:42 | [MethodCallExpr] ["sourc ... ).pop() | semmle.label | [MethodCallExpr] ["sourc ... ).pop() |
| arrays.js:97:9:97:16 | [Literal] "source" | semmle.label | [Literal] "source" |
| arrays.js:97:19:97:24 | [Label] filter | semmle.label | [Label] filter |
| arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | semmle.label | [ArrowFunctionExpr] (x) => !!x |
| arrays.js:97:27:97:27 | [SimpleParameter] x | semmle.label | [SimpleParameter] x |
| arrays.js:97:33:97:35 | [UnaryExpr] !!x | semmle.label | [UnaryExpr] !!x |
| arrays.js:97:34:97:35 | [UnaryExpr] !x | semmle.label | [UnaryExpr] !x |
| arrays.js:97:35:97:35 | [VarRef] x | semmle.label | [VarRef] x |
| arrays.js:97:38:97:40 | [Label] pop | semmle.label | [Label] pop |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
@@ -476,108 +488,110 @@ nodes
| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
edges
| arrays.js:1:1:97:2 | [ParExpr] (functi ... T OK }) | arrays.js:1:2:97:1 | [FunctionExpr] functio ... OT OK } | semmle.label | 1 |
| arrays.js:1:1:97:2 | [ParExpr] (functi ... T OK }) | arrays.js:1:2:97:1 | [FunctionExpr] functio ... OT OK } | semmle.order | 1 |
| arrays.js:1:1:97:3 | [ExprStmt] (functi ... OK }); | arrays.js:1:1:97:2 | [ParExpr] (functi ... T OK }) | semmle.label | 1 |
| arrays.js:1:1:97:3 | [ExprStmt] (functi ... OK }); | arrays.js:1:1:97:2 | [ParExpr] (functi ... T OK }) | semmle.order | 1 |
| arrays.js:1:2:97:1 | [FunctionExpr] functio ... OT OK } | arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | semmle.label | 5 |
| arrays.js:1:2:97:1 | [FunctionExpr] functio ... OT OK } | arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | semmle.order | 5 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.label | 1 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.order | 1 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:4:3:4:28 | [DeclStmt] var obj = ... | semmle.label | 2 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:4:3:4:28 | [DeclStmt] var obj = ... | semmle.order | 2 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:5:3:5:16 | [ExprStmt] sink(obj.foo); | semmle.label | 3 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:5:3:5:16 | [ExprStmt] sink(obj.foo); | semmle.order | 3 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:7:3:7:15 | [DeclStmt] var arr = ... | semmle.label | 4 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:7:3:7:15 | [DeclStmt] var arr = ... | semmle.order | 4 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:8:3:8:19 | [ExprStmt] arr.push(source); | semmle.label | 5 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:8:3:8:19 | [ExprStmt] arr.push(source); | semmle.order | 5 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:10:3:12:3 | [ForStmt] for (va ... OK } | semmle.label | 6 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:10:3:12:3 | [ForStmt] for (va ... OK } | semmle.order | 6 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:15:3:15:30 | [ExprStmt] arr.for ... nk(e)); | semmle.label | 7 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:15:3:15:30 | [ExprStmt] arr.for ... nk(e)); | semmle.order | 7 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:16:3:16:26 | [ExprStmt] arr.map ... nk(e)); | semmle.label | 8 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:16:3:16:26 | [ExprStmt] arr.map ... nk(e)); | semmle.order | 8 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:18:3:18:53 | [ExprStmt] [1, 2, ... nk(e)); | semmle.label | 9 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:18:3:18:53 | [ExprStmt] [1, 2, ... nk(e)); | semmle.order | 9 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:20:3:20:18 | [ExprStmt] sink(arr.pop()); | semmle.label | 10 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:20:3:20:18 | [ExprStmt] sink(arr.pop()); | semmle.order | 10 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:22:3:22:24 | [DeclStmt] var arr2 = ... | semmle.label | 11 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:22:3:22:24 | [DeclStmt] var arr2 = ... | semmle.order | 11 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:23:3:23:19 | [ExprStmt] sink(arr2.pop()); | semmle.label | 12 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:23:3:23:19 | [ExprStmt] sink(arr2.pop()); | semmle.order | 12 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:25:3:25:24 | [DeclStmt] var arr3 = ... | semmle.label | 13 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:25:3:25:24 | [DeclStmt] var arr3 = ... | semmle.order | 13 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:26:3:26:19 | [ExprStmt] sink(arr3.pop()); | semmle.label | 14 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:26:3:26:19 | [ExprStmt] sink(arr3.pop()); | semmle.order | 14 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:28:3:28:16 | [DeclStmt] var arr4 = ... | semmle.label | 15 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:28:3:28:16 | [DeclStmt] var arr4 = ... | semmle.order | 15 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:29:3:29:30 | [ExprStmt] arr4.sp ... urce"); | semmle.label | 16 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:29:3:29:30 | [ExprStmt] arr4.sp ... urce"); | semmle.order | 16 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:30:3:30:19 | [ExprStmt] sink(arr4.pop()); | semmle.label | 17 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:30:3:30:19 | [ExprStmt] sink(arr4.pop()); | semmle.order | 17 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:32:3:32:24 | [DeclStmt] var arr4_variant = ... | semmle.label | 18 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:32:3:32:24 | [DeclStmt] var arr4_variant = ... | semmle.order | 18 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:33:3:33:46 | [ExprStmt] arr4_va ... urce"); | semmle.label | 19 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:33:3:33:46 | [ExprStmt] arr4_va ... urce"); | semmle.order | 19 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:34:3:34:21 | [ExprStmt] arr4_variant.pop(); | semmle.label | 20 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:34:3:34:21 | [ExprStmt] arr4_variant.pop(); | semmle.order | 20 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:35:3:35:27 | [ExprStmt] sink(ar ... pop()); | semmle.label | 21 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:35:3:35:27 | [ExprStmt] sink(ar ... pop()); | semmle.order | 21 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:37:3:37:23 | [DeclStmt] var arr4_spread = ... | semmle.label | 22 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:37:3:37:23 | [DeclStmt] var arr4_spread = ... | semmle.order | 22 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:38:3:38:35 | [ExprStmt] arr4_sp ... ..arr); | semmle.label | 23 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:38:3:38:35 | [ExprStmt] arr4_sp ... ..arr); | semmle.order | 23 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:39:3:39:26 | [ExprStmt] sink(ar ... pop()); | semmle.label | 24 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:39:3:39:26 | [ExprStmt] sink(ar ... pop()); | semmle.order | 24 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:41:3:41:29 | [DeclStmt] var arr5 = ... | semmle.label | 25 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:41:3:41:29 | [DeclStmt] var arr5 = ... | semmle.order | 25 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:42:3:42:19 | [ExprStmt] sink(arr5.pop()); | semmle.label | 26 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:42:3:42:19 | [ExprStmt] sink(arr5.pop()); | semmle.order | 26 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:44:3:44:28 | [ExprStmt] sink(ar ... pop()); | semmle.label | 27 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:44:3:44:28 | [ExprStmt] sink(ar ... pop()); | semmle.order | 27 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:46:3:46:16 | [DeclStmt] var arr6 = ... | semmle.label | 28 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:46:3:46:16 | [DeclStmt] var arr6 = ... | semmle.order | 28 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:47:3:49:3 | [ForStmt] for (va ... i]; } | semmle.label | 29 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:47:3:49:3 | [ForStmt] for (va ... i]; } | semmle.order | 29 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:50:3:50:19 | [ExprStmt] sink(arr6.pop()); | semmle.label | 30 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:50:3:50:19 | [ExprStmt] sink(arr6.pop()); | semmle.order | 30 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:53:3:56:5 | [ExprStmt] ["sourc ... . }); | semmle.label | 31 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:53:3:56:5 | [ExprStmt] ["sourc ... . }); | semmle.order | 31 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:58:3:58:15 | [ExprStmt] sink(arr[0]); | semmle.label | 32 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:58:3:58:15 | [ExprStmt] sink(arr[0]); | semmle.order | 32 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:60:3:62:3 | [ForOfStmt] for (co ... OK } | semmle.label | 33 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:60:3:62:3 | [ForOfStmt] for (co ... OK } | semmle.order | 33 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:64:3:66:3 | [ForOfStmt] for (co ... OK } | semmle.label | 34 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:64:3:66:3 | [ForOfStmt] for (co ... OK } | semmle.order | 34 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:68:3:70:3 | [ForOfStmt] for (co ... OK } | semmle.label | 35 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:68:3:70:3 | [ForOfStmt] for (co ... OK } | semmle.order | 35 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:72:3:72:16 | [DeclStmt] var arr7 = ... | semmle.label | 36 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:72:3:72:16 | [DeclStmt] var arr7 = ... | semmle.order | 36 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:73:3:73:20 | [ExprStmt] arr7.push(...arr); | semmle.label | 37 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:73:3:73:20 | [ExprStmt] arr7.push(...arr); | semmle.order | 37 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:74:3:76:3 | [ForOfStmt] for (co ... OK } | semmle.label | 38 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:74:3:76:3 | [ForOfStmt] for (co ... OK } | semmle.order | 38 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:78:3:78:42 | [DeclStmt] const arrayFrom = ... | semmle.label | 39 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:78:3:78:42 | [DeclStmt] const arrayFrom = ... | semmle.order | 39 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:79:3:81:3 | [ForOfStmt] for (co ... OK } | semmle.label | 40 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:79:3:81:3 | [ForOfStmt] for (co ... OK } | semmle.order | 40 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:83:3:83:31 | [ExprStmt] sink(ar ... back)); | semmle.label | 41 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:83:3:83:31 | [ExprStmt] sink(ar ... back)); | semmle.order | 41 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:85:3:85:42 | [DeclStmt] const arrayFind = ... | semmle.label | 42 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:85:3:85:42 | [DeclStmt] const arrayFind = ... | semmle.order | 42 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:86:3:86:37 | [ExprStmt] sink(ar ... back)); | semmle.label | 43 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:86:3:86:37 | [ExprStmt] sink(ar ... back)); | semmle.order | 43 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:88:3:88:31 | [DeclStmt] const uniq = ... | semmle.label | 44 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:88:3:88:31 | [DeclStmt] const uniq = ... | semmle.order | 44 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:89:3:91:3 | [ForOfStmt] for (co ... OK } | semmle.label | 45 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:89:3:91:3 | [ForOfStmt] for (co ... OK } | semmle.order | 45 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:93:3:93:19 | [ExprStmt] sink(arr.at(-1)); | semmle.label | 46 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:93:3:93:19 | [ExprStmt] sink(arr.at(-1)); | semmle.order | 46 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:95:3:95:36 | [ExprStmt] sink([" ... => x)); | semmle.label | 47 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:95:3:95:36 | [ExprStmt] sink([" ... => x)); | semmle.order | 47 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:96:3:96:38 | [ExprStmt] sink([" ... !!x)); | semmle.label | 48 |
| arrays.js:1:14:97:1 | [BlockStmt] { let ... OT OK } | arrays.js:96:3:96:38 | [ExprStmt] sink([" ... !!x)); | semmle.order | 48 |
| arrays.js:1:1:99:2 | [ParExpr] (functi ... OK }) | arrays.js:1:2:99:1 | [FunctionExpr] functio ... T OK } | semmle.label | 1 |
| arrays.js:1:1:99:2 | [ParExpr] (functi ... OK }) | arrays.js:1:2:99:1 | [FunctionExpr] functio ... T OK } | semmle.order | 1 |
| arrays.js:1:1:99:3 | [ExprStmt] (functi ... OK }); | arrays.js:1:1:99:2 | [ParExpr] (functi ... OK }) | semmle.label | 1 |
| arrays.js:1:1:99:3 | [ExprStmt] (functi ... OK }); | arrays.js:1:1:99:2 | [ParExpr] (functi ... OK }) | semmle.order | 1 |
| arrays.js:1:2:99:1 | [FunctionExpr] functio ... T OK } | arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | semmle.label | 5 |
| arrays.js:1:2:99:1 | [FunctionExpr] functio ... T OK } | arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | semmle.order | 5 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.label | 1 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.order | 1 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:4:3:4:28 | [DeclStmt] var obj = ... | semmle.label | 2 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:4:3:4:28 | [DeclStmt] var obj = ... | semmle.order | 2 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:5:3:5:16 | [ExprStmt] sink(obj.foo); | semmle.label | 3 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:5:3:5:16 | [ExprStmt] sink(obj.foo); | semmle.order | 3 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:7:3:7:15 | [DeclStmt] var arr = ... | semmle.label | 4 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:7:3:7:15 | [DeclStmt] var arr = ... | semmle.order | 4 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:8:3:8:19 | [ExprStmt] arr.push(source); | semmle.label | 5 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:8:3:8:19 | [ExprStmt] arr.push(source); | semmle.order | 5 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:10:3:12:3 | [ForStmt] for (va ... OK } | semmle.label | 6 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:10:3:12:3 | [ForStmt] for (va ... OK } | semmle.order | 6 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:15:3:15:30 | [ExprStmt] arr.for ... nk(e)); | semmle.label | 7 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:15:3:15:30 | [ExprStmt] arr.for ... nk(e)); | semmle.order | 7 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:16:3:16:26 | [ExprStmt] arr.map ... nk(e)); | semmle.label | 8 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:16:3:16:26 | [ExprStmt] arr.map ... nk(e)); | semmle.order | 8 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:18:3:18:53 | [ExprStmt] [1, 2, ... nk(e)); | semmle.label | 9 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:18:3:18:53 | [ExprStmt] [1, 2, ... nk(e)); | semmle.order | 9 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:20:3:20:18 | [ExprStmt] sink(arr.pop()); | semmle.label | 10 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:20:3:20:18 | [ExprStmt] sink(arr.pop()); | semmle.order | 10 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:22:3:22:24 | [DeclStmt] var arr2 = ... | semmle.label | 11 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:22:3:22:24 | [DeclStmt] var arr2 = ... | semmle.order | 11 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:23:3:23:19 | [ExprStmt] sink(arr2.pop()); | semmle.label | 12 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:23:3:23:19 | [ExprStmt] sink(arr2.pop()); | semmle.order | 12 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:25:3:25:24 | [DeclStmt] var arr3 = ... | semmle.label | 13 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:25:3:25:24 | [DeclStmt] var arr3 = ... | semmle.order | 13 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:26:3:26:19 | [ExprStmt] sink(arr3.pop()); | semmle.label | 14 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:26:3:26:19 | [ExprStmt] sink(arr3.pop()); | semmle.order | 14 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:28:3:28:16 | [DeclStmt] var arr4 = ... | semmle.label | 15 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:28:3:28:16 | [DeclStmt] var arr4 = ... | semmle.order | 15 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:29:3:29:30 | [ExprStmt] arr4.sp ... urce"); | semmle.label | 16 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:29:3:29:30 | [ExprStmt] arr4.sp ... urce"); | semmle.order | 16 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:30:3:30:19 | [ExprStmt] sink(arr4.pop()); | semmle.label | 17 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:30:3:30:19 | [ExprStmt] sink(arr4.pop()); | semmle.order | 17 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:32:3:32:24 | [DeclStmt] var arr4_variant = ... | semmle.label | 18 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:32:3:32:24 | [DeclStmt] var arr4_variant = ... | semmle.order | 18 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:33:3:33:46 | [ExprStmt] arr4_va ... urce"); | semmle.label | 19 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:33:3:33:46 | [ExprStmt] arr4_va ... urce"); | semmle.order | 19 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:34:3:34:21 | [ExprStmt] arr4_variant.pop(); | semmle.label | 20 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:34:3:34:21 | [ExprStmt] arr4_variant.pop(); | semmle.order | 20 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:35:3:35:27 | [ExprStmt] sink(ar ... pop()); | semmle.label | 21 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:35:3:35:27 | [ExprStmt] sink(ar ... pop()); | semmle.order | 21 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:37:3:37:23 | [DeclStmt] var arr4_spread = ... | semmle.label | 22 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:37:3:37:23 | [DeclStmt] var arr4_spread = ... | semmle.order | 22 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:38:3:38:35 | [ExprStmt] arr4_sp ... ..arr); | semmle.label | 23 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:38:3:38:35 | [ExprStmt] arr4_sp ... ..arr); | semmle.order | 23 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:39:3:39:26 | [ExprStmt] sink(ar ... pop()); | semmle.label | 24 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:39:3:39:26 | [ExprStmt] sink(ar ... pop()); | semmle.order | 24 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:41:3:41:29 | [DeclStmt] var arr5 = ... | semmle.label | 25 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:41:3:41:29 | [DeclStmt] var arr5 = ... | semmle.order | 25 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:42:3:42:19 | [ExprStmt] sink(arr5.pop()); | semmle.label | 26 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:42:3:42:19 | [ExprStmt] sink(arr5.pop()); | semmle.order | 26 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:44:3:44:28 | [ExprStmt] sink(ar ... pop()); | semmle.label | 27 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:44:3:44:28 | [ExprStmt] sink(ar ... pop()); | semmle.order | 27 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:46:3:46:16 | [DeclStmt] var arr6 = ... | semmle.label | 28 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:46:3:46:16 | [DeclStmt] var arr6 = ... | semmle.order | 28 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:47:3:49:3 | [ForStmt] for (va ... i]; } | semmle.label | 29 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:47:3:49:3 | [ForStmt] for (va ... i]; } | semmle.order | 29 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:50:3:50:19 | [ExprStmt] sink(arr6.pop()); | semmle.label | 30 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:50:3:50:19 | [ExprStmt] sink(arr6.pop()); | semmle.order | 30 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:53:3:56:5 | [ExprStmt] ["sourc ... . }); | semmle.label | 31 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:53:3:56:5 | [ExprStmt] ["sourc ... . }); | semmle.order | 31 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:58:3:58:15 | [ExprStmt] sink(arr[0]); | semmle.label | 32 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:58:3:58:15 | [ExprStmt] sink(arr[0]); | semmle.order | 32 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:60:3:62:3 | [ForOfStmt] for (co ... OK } | semmle.label | 33 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:60:3:62:3 | [ForOfStmt] for (co ... OK } | semmle.order | 33 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:64:3:66:3 | [ForOfStmt] for (co ... OK } | semmle.label | 34 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:64:3:66:3 | [ForOfStmt] for (co ... OK } | semmle.order | 34 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:68:3:70:3 | [ForOfStmt] for (co ... OK } | semmle.label | 35 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:68:3:70:3 | [ForOfStmt] for (co ... OK } | semmle.order | 35 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:72:3:72:16 | [DeclStmt] var arr7 = ... | semmle.label | 36 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:72:3:72:16 | [DeclStmt] var arr7 = ... | semmle.order | 36 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:73:3:73:20 | [ExprStmt] arr7.push(...arr); | semmle.label | 37 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:73:3:73:20 | [ExprStmt] arr7.push(...arr); | semmle.order | 37 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:74:3:76:3 | [ForOfStmt] for (co ... OK } | semmle.label | 38 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:74:3:76:3 | [ForOfStmt] for (co ... OK } | semmle.order | 38 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:78:3:78:42 | [DeclStmt] const arrayFrom = ... | semmle.label | 39 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:78:3:78:42 | [DeclStmt] const arrayFrom = ... | semmle.order | 39 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:79:3:81:3 | [ForOfStmt] for (co ... OK } | semmle.label | 40 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:79:3:81:3 | [ForOfStmt] for (co ... OK } | semmle.order | 40 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:83:3:83:31 | [ExprStmt] sink(ar ... back)); | semmle.label | 41 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:83:3:83:31 | [ExprStmt] sink(ar ... back)); | semmle.order | 41 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:85:3:85:42 | [DeclStmt] const arrayFind = ... | semmle.label | 42 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:85:3:85:42 | [DeclStmt] const arrayFind = ... | semmle.order | 42 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:86:3:86:37 | [ExprStmt] sink(ar ... back)); | semmle.label | 43 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:86:3:86:37 | [ExprStmt] sink(ar ... back)); | semmle.order | 43 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:88:3:88:31 | [DeclStmt] const uniq = ... | semmle.label | 44 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:88:3:88:31 | [DeclStmt] const uniq = ... | semmle.order | 44 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:89:3:91:3 | [ForOfStmt] for (co ... OK } | semmle.label | 45 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:89:3:91:3 | [ForOfStmt] for (co ... OK } | semmle.order | 45 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:93:3:93:19 | [ExprStmt] sink(arr.at(-1)); | semmle.label | 46 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:93:3:93:19 | [ExprStmt] sink(arr.at(-1)); | semmle.order | 46 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:95:3:95:19 | [ExprStmt] sink(["source"]); | semmle.label | 47 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:95:3:95:19 | [ExprStmt] sink(["source"]); | semmle.order | 47 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:96:3:96:42 | [ExprStmt] sink([" ... pop()); | semmle.label | 48 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:96:3:96:42 | [ExprStmt] sink([" ... pop()); | semmle.order | 48 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:97:3:97:44 | [ExprStmt] sink([" ... pop()); | semmle.label | 49 |
| arrays.js:1:14:99:1 | [BlockStmt] { let ... T OK } | arrays.js:97:3:97:44 | [ExprStmt] sink([" ... pop()); | semmle.order | 49 |
| arrays.js:2:3:2:24 | [DeclStmt] let source = ... | arrays.js:2:7:2:23 | [VariableDeclarator] source = "source" | semmle.label | 1 |
| arrays.js:2:3:2:24 | [DeclStmt] let source = ... | arrays.js:2:7:2:23 | [VariableDeclarator] source = "source" | semmle.order | 1 |
| arrays.js:2:7:2:23 | [VariableDeclarator] source = "source" | arrays.js:2:7:2:12 | [VarDecl] source | semmle.label | 1 |
@@ -1244,50 +1258,70 @@ edges
| arrays.js:93:8:93:17 | [MethodCallExpr] arr.at(-1) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:93:15:93:16 | [UnaryExpr] -1 | arrays.js:93:16:93:16 | [Literal] 1 | semmle.label | 1 |
| arrays.js:93:15:93:16 | [UnaryExpr] -1 | arrays.js:93:16:93:16 | [Literal] 1 | semmle.order | 1 |
| arrays.js:95:3:95:35 | [CallExpr] sink([" ... => x)) | arrays.js:95:3:95:6 | [VarRef] sink | semmle.label | 0 |
| arrays.js:95:3:95:35 | [CallExpr] sink([" ... => x)) | arrays.js:95:3:95:6 | [VarRef] sink | semmle.order | 0 |
| arrays.js:95:3:95:35 | [CallExpr] sink([" ... => x)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:95:3:95:35 | [CallExpr] sink([" ... => x)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:95:3:95:36 | [ExprStmt] sink([" ... => x)); | arrays.js:95:3:95:35 | [CallExpr] sink([" ... => x)) | semmle.label | 1 |
| arrays.js:95:3:95:36 | [ExprStmt] sink([" ... => x)); | arrays.js:95:3:95:35 | [CallExpr] sink([" ... => x)) | semmle.order | 1 |
| arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | arrays.js:95:3:95:6 | [VarRef] sink | semmle.label | 0 |
| arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | arrays.js:95:3:95:6 | [VarRef] sink | semmle.order | 0 |
| arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:95:3:95:19 | [ExprStmt] sink(["source"]); | arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | semmle.label | 1 |
| arrays.js:95:3:95:19 | [ExprStmt] sink(["source"]); | arrays.js:95:3:95:18 | [CallExpr] sink(["source"]) | semmle.order | 1 |
| arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | arrays.js:95:9:95:16 | [Literal] "source" | semmle.label | 1 |
| arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | arrays.js:95:9:95:16 | [Literal] "source" | semmle.order | 1 |
| arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | semmle.label | 1 |
| arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | semmle.order | 1 |
| arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | arrays.js:95:19:95:24 | [Label] filter | semmle.label | 2 |
| arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | arrays.js:95:19:95:24 | [Label] filter | semmle.order | 2 |
| arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... ) => x) | arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | semmle.label | 0 |
| arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... ) => x) | arrays.js:95:8:95:24 | [DotExpr] ["source"].filter | semmle.order | 0 |
| arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... ) => x) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... ) => x) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | arrays.js:95:33:95:33 | [VarRef] x | semmle.label | 5 |
| arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | arrays.js:95:33:95:33 | [VarRef] x | semmle.order | 5 |
| arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | file://:0:0:0:0 | (Parameters) | semmle.label | 1 |
| arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | file://:0:0:0:0 | (Parameters) | semmle.order | 1 |
| arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | arrays.js:96:3:96:6 | [VarRef] sink | semmle.label | 0 |
| arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | arrays.js:96:3:96:6 | [VarRef] sink | semmle.order | 0 |
| arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:96:3:96:38 | [ExprStmt] sink([" ... !!x)); | arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | semmle.label | 1 |
| arrays.js:96:3:96:38 | [ExprStmt] sink([" ... !!x)); | arrays.js:96:3:96:37 | [CallExpr] sink([" ... > !!x)) | semmle.order | 1 |
| arrays.js:96:3:96:41 | [CallExpr] sink([" ... .pop()) | arrays.js:96:3:96:6 | [VarRef] sink | semmle.label | 0 |
| arrays.js:96:3:96:41 | [CallExpr] sink([" ... .pop()) | arrays.js:96:3:96:6 | [VarRef] sink | semmle.order | 0 |
| arrays.js:96:3:96:41 | [CallExpr] sink([" ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:96:3:96:41 | [CallExpr] sink([" ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:96:3:96:42 | [ExprStmt] sink([" ... pop()); | arrays.js:96:3:96:41 | [CallExpr] sink([" ... .pop()) | semmle.label | 1 |
| arrays.js:96:3:96:42 | [ExprStmt] sink([" ... pop()); | arrays.js:96:3:96:41 | [CallExpr] sink([" ... .pop()) | semmle.order | 1 |
| arrays.js:96:8:96:17 | [ArrayExpr] ["source"] | arrays.js:96:9:96:16 | [Literal] "source" | semmle.label | 1 |
| arrays.js:96:8:96:17 | [ArrayExpr] ["source"] | arrays.js:96:9:96:16 | [Literal] "source" | semmle.order | 1 |
| arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | arrays.js:96:8:96:17 | [ArrayExpr] ["source"] | semmle.label | 1 |
| arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | arrays.js:96:8:96:17 | [ArrayExpr] ["source"] | semmle.order | 1 |
| arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | arrays.js:96:19:96:24 | [Label] filter | semmle.label | 2 |
| arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | arrays.js:96:19:96:24 | [Label] filter | semmle.order | 2 |
| arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... => !!x) | arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | semmle.label | 0 |
| arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... => !!x) | arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | semmle.order | 0 |
| arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... => !!x) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... => !!x) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | arrays.js:96:33:96:35 | [UnaryExpr] !!x | semmle.label | 5 |
| arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | arrays.js:96:33:96:35 | [UnaryExpr] !!x | semmle.order | 5 |
| arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | file://:0:0:0:0 | (Parameters) | semmle.label | 1 |
| arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | file://:0:0:0:0 | (Parameters) | semmle.order | 1 |
| arrays.js:96:33:96:35 | [UnaryExpr] !!x | arrays.js:96:34:96:35 | [UnaryExpr] !x | semmle.label | 1 |
| arrays.js:96:33:96:35 | [UnaryExpr] !!x | arrays.js:96:34:96:35 | [UnaryExpr] !x | semmle.order | 1 |
| arrays.js:96:34:96:35 | [UnaryExpr] !x | arrays.js:96:35:96:35 | [VarRef] x | semmle.label | 1 |
| arrays.js:96:34:96:35 | [UnaryExpr] !x | arrays.js:96:35:96:35 | [VarRef] x | semmle.order | 1 |
| arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | semmle.label | 0 |
| arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | arrays.js:96:8:96:24 | [DotExpr] ["source"].filter | semmle.order | 0 |
| arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:96:8:96:38 | [DotExpr] ["sourc ... x).pop | arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | semmle.label | 1 |
| arrays.js:96:8:96:38 | [DotExpr] ["sourc ... x).pop | arrays.js:96:8:96:34 | [MethodCallExpr] ["sourc ... ) => x) | semmle.order | 1 |
| arrays.js:96:8:96:38 | [DotExpr] ["sourc ... x).pop | arrays.js:96:36:96:38 | [Label] pop | semmle.label | 2 |
| arrays.js:96:8:96:38 | [DotExpr] ["sourc ... x).pop | arrays.js:96:36:96:38 | [Label] pop | semmle.order | 2 |
| arrays.js:96:8:96:40 | [MethodCallExpr] ["sourc ... ).pop() | arrays.js:96:8:96:38 | [DotExpr] ["sourc ... x).pop | semmle.label | 0 |
| arrays.js:96:8:96:40 | [MethodCallExpr] ["sourc ... ).pop() | arrays.js:96:8:96:38 | [DotExpr] ["sourc ... x).pop | semmle.order | 0 |
| arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | arrays.js:96:33:96:33 | [VarRef] x | semmle.label | 5 |
| arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | arrays.js:96:33:96:33 | [VarRef] x | semmle.order | 5 |
| arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | file://:0:0:0:0 | (Parameters) | semmle.label | 1 |
| arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | file://:0:0:0:0 | (Parameters) | semmle.order | 1 |
| arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | arrays.js:97:3:97:6 | [VarRef] sink | semmle.label | 0 |
| arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | arrays.js:97:3:97:6 | [VarRef] sink | semmle.order | 0 |
| arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:97:3:97:44 | [ExprStmt] sink([" ... pop()); | arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | semmle.label | 1 |
| arrays.js:97:3:97:44 | [ExprStmt] sink([" ... pop()); | arrays.js:97:3:97:43 | [CallExpr] sink([" ... .pop()) | semmle.order | 1 |
| arrays.js:97:8:97:17 | [ArrayExpr] ["source"] | arrays.js:97:9:97:16 | [Literal] "source" | semmle.label | 1 |
| arrays.js:97:8:97:17 | [ArrayExpr] ["source"] | arrays.js:97:9:97:16 | [Literal] "source" | semmle.order | 1 |
| arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | arrays.js:97:8:97:17 | [ArrayExpr] ["source"] | semmle.label | 1 |
| arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | arrays.js:97:8:97:17 | [ArrayExpr] ["source"] | semmle.order | 1 |
| arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | arrays.js:97:19:97:24 | [Label] filter | semmle.label | 2 |
| arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | arrays.js:97:19:97:24 | [Label] filter | semmle.order | 2 |
| arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... => !!x) | arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | semmle.label | 0 |
| arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... => !!x) | arrays.js:97:8:97:24 | [DotExpr] ["source"].filter | semmle.order | 0 |
| arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... => !!x) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... => !!x) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:97:8:97:40 | [DotExpr] ["sourc ... !x).pop | arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... => !!x) | semmle.label | 1 |
| arrays.js:97:8:97:40 | [DotExpr] ["sourc ... !x).pop | arrays.js:97:8:97:36 | [MethodCallExpr] ["sourc ... => !!x) | semmle.order | 1 |
| arrays.js:97:8:97:40 | [DotExpr] ["sourc ... !x).pop | arrays.js:97:38:97:40 | [Label] pop | semmle.label | 2 |
| arrays.js:97:8:97:40 | [DotExpr] ["sourc ... !x).pop | arrays.js:97:38:97:40 | [Label] pop | semmle.order | 2 |
| arrays.js:97:8:97:42 | [MethodCallExpr] ["sourc ... ).pop() | arrays.js:97:8:97:40 | [DotExpr] ["sourc ... !x).pop | semmle.label | 0 |
| arrays.js:97:8:97:42 | [MethodCallExpr] ["sourc ... ).pop() | arrays.js:97:8:97:40 | [DotExpr] ["sourc ... !x).pop | semmle.order | 0 |
| arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | arrays.js:97:33:97:35 | [UnaryExpr] !!x | semmle.label | 5 |
| arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | arrays.js:97:33:97:35 | [UnaryExpr] !!x | semmle.order | 5 |
| arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | file://:0:0:0:0 | (Parameters) | semmle.label | 1 |
| arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | file://:0:0:0:0 | (Parameters) | semmle.order | 1 |
| arrays.js:97:33:97:35 | [UnaryExpr] !!x | arrays.js:97:34:97:35 | [UnaryExpr] !x | semmle.label | 1 |
| arrays.js:97:33:97:35 | [UnaryExpr] !!x | arrays.js:97:34:97:35 | [UnaryExpr] !x | semmle.order | 1 |
| arrays.js:97:34:97:35 | [UnaryExpr] !x | arrays.js:97:35:97:35 | [VarRef] x | semmle.label | 1 |
| arrays.js:97:34:97:35 | [UnaryExpr] !x | arrays.js:97:35:97:35 | [VarRef] x | semmle.order | 1 |
| file://:0:0:0:0 | (Arguments) | arrays.js:5:8:5:14 | [DotExpr] obj.foo | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:5:8:5:14 | [DotExpr] obj.foo | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:8:12:8:17 | [VarRef] source | semmle.label | 0 |
@@ -1398,14 +1432,16 @@ edges
| file://:0:0:0:0 | (Arguments) | arrays.js:93:8:93:17 | [MethodCallExpr] arr.at(-1) | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:93:15:93:16 | [UnaryExpr] -1 | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:93:15:93:16 | [UnaryExpr] -1 | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... ) => x) | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:95:8:95:34 | [MethodCallExpr] ["sourc ... ) => x) | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:95:26:95:33 | [ArrowFunctionExpr] (x) => x | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... => !!x) | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:96:8:96:36 | [MethodCallExpr] ["sourc ... => !!x) | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:96:26:96:35 | [ArrowFunctionExpr] (x) => !!x | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:95:8:95:17 | [ArrayExpr] ["source"] | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:96:8:96:40 | [MethodCallExpr] ["sourc ... ).pop() | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:96:8:96:40 | [MethodCallExpr] ["sourc ... ).pop() | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:96:26:96:33 | [ArrowFunctionExpr] (x) => x | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:97:8:97:42 | [MethodCallExpr] ["sourc ... ).pop() | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:97:8:97:42 | [MethodCallExpr] ["sourc ... ).pop() | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:97:26:97:35 | [ArrowFunctionExpr] (x) => !!x | semmle.order | 0 |
| file://:0:0:0:0 | (Parameters) | arrays.js:15:16:15:16 | [SimpleParameter] e | semmle.label | 0 |
| file://:0:0:0:0 | (Parameters) | arrays.js:15:16:15:16 | [SimpleParameter] e | semmle.order | 0 |
| file://:0:0:0:0 | (Parameters) | arrays.js:16:12:16:12 | [SimpleParameter] e | semmle.label | 0 |
@@ -1420,9 +1456,9 @@ edges
| file://:0:0:0:0 | (Parameters) | arrays.js:53:26:53:26 | [SimpleParameter] i | semmle.order | 1 |
| file://:0:0:0:0 | (Parameters) | arrays.js:53:29:53:31 | [SimpleParameter] ary | semmle.label | 2 |
| file://:0:0:0:0 | (Parameters) | arrays.js:53:29:53:31 | [SimpleParameter] ary | semmle.order | 2 |
| file://:0:0:0:0 | (Parameters) | arrays.js:95:27:95:27 | [SimpleParameter] x | semmle.label | 0 |
| file://:0:0:0:0 | (Parameters) | arrays.js:95:27:95:27 | [SimpleParameter] x | semmle.order | 0 |
| file://:0:0:0:0 | (Parameters) | arrays.js:96:27:96:27 | [SimpleParameter] x | semmle.label | 0 |
| file://:0:0:0:0 | (Parameters) | arrays.js:96:27:96:27 | [SimpleParameter] x | semmle.order | 0 |
| file://:0:0:0:0 | (Parameters) | arrays.js:97:27:97:27 | [SimpleParameter] x | semmle.label | 0 |
| file://:0:0:0:0 | (Parameters) | arrays.js:97:27:97:27 | [SimpleParameter] x | semmle.order | 0 |
graphProperties
| semmle.graphKind | tree |

34
javascript/ql/test/library-tests/DataFlow/tests.expected
View File

@@ -15,7 +15,6 @@ basicBlock
| arguments.js:1:1:12:4 | (functi ... );\\n})() | arguments.js:1:1:1:0 | entry node of <toplevel> |
| arguments.js:1:1:12:4 | exceptional return of (functi ... );\\n})() | arguments.js:1:1:1:0 | entry node of <toplevel> |
| arguments.js:1:2:1:1 | this | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} |
| arguments.js:1:2:12:1 | 'arguments' object of anonymous function | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} |
| arguments.js:1:2:12:1 | [function self-reference] functio ... , 3);\\n} | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} |
| arguments.js:1:2:12:1 | exceptional return of anonymous function | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} |
| arguments.js:1:2:12:1 | functio ... , 3);\\n} | arguments.js:1:1:1:0 | entry node of <toplevel> |
@@ -70,7 +69,6 @@ basicBlock
| arguments.js:11:13:11:13 | 3 | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} |
| eval.js:1:1:1:0 | this | eval.js:1:1:1:0 | entry node of <toplevel> |
| eval.js:1:1:1:0 | this | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} |
| eval.js:1:1:5:1 | 'arguments' object of function k | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} |
| eval.js:1:1:5:1 | [function self-reference] functio ... eval`\\n} | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} |
| eval.js:1:1:5:1 | exceptional return of function k | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} |
| eval.js:1:1:5:1 | functio ... eval`\\n} | eval.js:1:1:1:0 | entry node of <toplevel> |
@@ -91,7 +89,6 @@ basicBlock
| sources.js:1:5:1:12 | (x => x) | sources.js:1:1:1:0 | entry node of <toplevel> |
| sources.js:1:6:1:6 | x | sources.js:1:6:1:5 | entry node of x => x |
| sources.js:1:6:1:6 | x | sources.js:1:6:1:5 | entry node of x => x |
| sources.js:1:6:1:11 | 'arguments' object of anonymous function | sources.js:1:6:1:5 | entry node of x => x |
| sources.js:1:6:1:11 | [function self-reference] x => x | sources.js:1:6:1:5 | entry node of x => x |
| sources.js:1:6:1:11 | exceptional return of anonymous function | sources.js:1:6:1:5 | entry node of x => x |
| sources.js:1:6:1:11 | return of anonymous function | sources.js:1:6:1:5 | entry node of x => x |
@@ -101,7 +98,6 @@ basicBlock
| sources.js:3:1:5:6 | (functi ... \\n})(23) | sources.js:1:1:1:0 | entry node of <toplevel> |
| sources.js:3:1:5:6 | exceptional return of (functi ... \\n})(23) | sources.js:1:1:1:0 | entry node of <toplevel> |
| sources.js:3:2:3:1 | this | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} |
| sources.js:3:2:5:1 | 'arguments' object of anonymous function | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} |
| sources.js:3:2:5:1 | [function self-reference] functio ... x+19;\\n} | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} |
| sources.js:3:2:5:1 | exceptional return of anonymous function | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} |
| sources.js:3:2:5:1 | functio ... x+19;\\n} | sources.js:1:1:1:0 | entry node of <toplevel> |
@@ -114,7 +110,6 @@ basicBlock
| sources.js:5:4:5:5 | 23 | sources.js:1:1:1:0 | entry node of <toplevel> |
| sources.js:7:1:7:3 | /x/ | sources.js:1:1:1:0 | entry node of <toplevel> |
| sources.js:9:1:9:0 | this | sources.js:9:1:9:0 | entry node of functio ... ey; }\\n} |
| sources.js:9:1:12:1 | 'arguments' object of function foo | sources.js:9:1:9:0 | entry node of functio ... ey; }\\n} |
| sources.js:9:1:12:1 | [function self-reference] functio ... ey; }\\n} | sources.js:9:1:9:0 | entry node of functio ... ey; }\\n} |
| sources.js:9:1:12:1 | exceptional return of function foo | sources.js:12:2:12:1 | exit node of functio ... ey; }\\n} |
| sources.js:9:1:12:1 | functio ... ey; }\\n} | sources.js:1:1:1:0 | entry node of <toplevel> |
@@ -152,7 +147,6 @@ basicBlock
| tst2.ts:4:3:4:3 | x | tst2.ts:1:1:1:0 | entry node of <toplevel> |
| tst2.ts:7:1:7:0 | A | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} |
| tst2.ts:7:1:7:0 | this | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} |
| tst2.ts:7:1:9:1 | 'arguments' object of function setX | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} |
| tst2.ts:7:1:9:1 | [function self-reference] functio ... = 23;\\n} | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} |
| tst2.ts:7:1:9:1 | exceptional return of function setX | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} |
| tst2.ts:7:1:9:1 | functio ... = 23;\\n} | tst2.ts:1:1:1:0 | entry node of <toplevel> |
@@ -174,7 +168,6 @@ basicBlock
| tst2.ts:13:7:13:16 | StringList | tst2.ts:1:1:1:0 | entry node of <toplevel> |
| tst2.ts:13:26:13:29 | List | tst2.ts:1:1:1:0 | entry node of <toplevel> |
| tst2.ts:13:26:13:37 | List<string> | tst2.ts:1:1:1:0 | entry node of <toplevel> |
| tst2.ts:13:39:13:38 | 'arguments' object of default constructor of class StringList | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } |
| tst2.ts:13:39:13:38 | (...arg ... rgs); } | tst2.ts:1:1:1:0 | entry node of <toplevel> |
| tst2.ts:13:39:13:38 | ...args | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } |
| tst2.ts:13:39:13:38 | [function self-reference] (...arg ... rgs); } | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } |
@@ -243,7 +236,6 @@ basicBlock
| tst.js:16:1:20:9 | (functi ... ("arg") | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:16:1:20:9 | exceptional return of (functi ... ("arg") | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:16:2:16:1 | this | tst.js:16:2:16:1 | entry node of functio ... n "";\\n} |
| tst.js:16:2:20:1 | 'arguments' object of function f | tst.js:16:2:16:1 | entry node of functio ... n "";\\n} |
| tst.js:16:2:20:1 | [function self-reference] functio ... n "";\\n} | tst.js:16:2:16:1 | entry node of functio ... n "";\\n} |
| tst.js:16:2:20:1 | exceptional return of function f | tst.js:20:2:20:1 | exit node of functio ... n "";\\n} |
| tst.js:16:2:20:1 | functio ... n "";\\n} | tst.js:16:1:20:10 | (functi ... "arg"); |
@@ -278,7 +270,6 @@ basicBlock
| tst.js:28:1:30:3 | (() =>\\n ... les\\n)() | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:28:1:30:3 | exceptional return of (() =>\\n ... les\\n)() | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:28:2:28:1 | x | tst.js:28:2:28:1 | entry node of () =>\\n x |
| tst.js:28:2:29:3 | 'arguments' object of anonymous function | tst.js:28:2:28:1 | entry node of () =>\\n x |
| tst.js:28:2:29:3 | () =>\\n x | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:28:2:29:3 | [function self-reference] () =>\\n x | tst.js:28:2:28:1 | entry node of () =>\\n x |
| tst.js:28:2:29:3 | exceptional return of anonymous function | tst.js:28:2:28:1 | entry node of () =>\\n x |
@@ -286,7 +277,6 @@ basicBlock
| tst.js:29:3:29:3 | x | tst.js:28:2:28:1 | entry node of () =>\\n x |
| tst.js:32:1:32:0 | this | tst.js:32:1:32:0 | entry node of functio ... ables\\n} |
| tst.js:32:1:32:0 | x | tst.js:32:1:32:0 | entry node of functio ... ables\\n} |
| tst.js:32:1:34:1 | 'arguments' object of function g | tst.js:32:1:32:0 | entry node of functio ... ables\\n} |
| tst.js:32:1:34:1 | [function self-reference] functio ... ables\\n} | tst.js:32:1:32:0 | entry node of functio ... ables\\n} |
| tst.js:32:1:34:1 | exceptional return of function g | tst.js:32:1:32:0 | entry node of functio ... ables\\n} |
| tst.js:32:1:34:1 | functio ... ables\\n} | tst.js:16:1:20:10 | (functi ... "arg"); |
@@ -311,7 +301,6 @@ basicBlock
| tst.js:39:3:41:3 | m() {\\n this;\\n } | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:39:3:41:3 | m() {\\n this;\\n } | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:39:4:39:3 | this | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } |
| tst.js:39:4:41:3 | 'arguments' object of method m | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } |
| tst.js:39:4:41:3 | () {\\n this;\\n } | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:39:4:41:3 | [function self-reference] () {\\n this;\\n } | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } |
| tst.js:39:4:41:3 | exceptional return of method m | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } |
@@ -337,7 +326,6 @@ basicBlock
| tst.js:50:3:53:3 | constru ... et`\\n } | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:50:3:53:3 | constru ... et`\\n } | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:50:14:50:13 | this | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } |
| tst.js:50:14:53:3 | 'arguments' object of constructor of class A | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } |
| tst.js:50:14:53:3 | () {\\n ... et`\\n } | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:50:14:53:3 | [function self-reference] () {\\n ... et`\\n } | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } |
| tst.js:50:14:53:3 | exceptional return of constructor of class A | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } |
@@ -365,7 +353,6 @@ basicBlock
| tst.js:62:1:62:4 | o::g | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:62:4:62:4 | g | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:64:1:64:0 | this | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} |
| tst.js:64:1:67:1 | 'arguments' object of function h | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} |
| tst.js:64:1:67:1 | [function self-reference] functio ... lysed\\n} | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} |
| tst.js:64:1:67:1 | exceptional return of function h | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} |
| tst.js:64:1:67:1 | functio ... lysed\\n} | tst.js:16:1:20:10 | (functi ... "arg"); |
@@ -390,7 +377,6 @@ basicBlock
| tst.js:69:6:69:9 | next | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:69:11:69:12 | 23 | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:71:1:71:0 | this | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} |
| tst.js:71:1:73:1 | 'arguments' object of function k | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} |
| tst.js:71:1:73:1 | [function self-reference] async f ... lysed\\n} | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} |
| tst.js:71:1:73:1 | async f ... lysed\\n} | tst.js:16:1:20:10 | (functi ... "arg"); |
| tst.js:71:1:73:1 | exceptional return of function k | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} |
@@ -434,7 +420,6 @@ basicBlock
| tst.js:87:1:96:2 | (functi ... r: 0\\n}) | tst.js:85:5:85:28 | vs2 = ( ... o) v ) |
| tst.js:87:1:96:2 | exceptional return of (functi ... r: 0\\n}) | tst.js:85:5:85:28 | vs2 = ( ... o) v ) |
| tst.js:87:2:87:1 | this | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} |
| tst.js:87:2:92:1 | 'arguments' object of anonymous function | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} |
| tst.js:87:2:92:1 | [function self-reference] functio ... + z;\\n} | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} |
| tst.js:87:2:92:1 | exceptional return of anonymous function | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} |
| tst.js:87:2:92:1 | functio ... + z;\\n} | tst.js:85:5:85:28 | vs2 = ( ... o) v ) |
@@ -489,7 +474,6 @@ basicBlock
| tst.js:98:1:103:17 | (functi ... 3, 0 ]) | tst.js:85:5:85:28 | vs2 = ( ... o) v ) |
| tst.js:98:1:103:17 | exceptional return of (functi ... 3, 0 ]) | tst.js:85:5:85:28 | vs2 = ( ... o) v ) |
| tst.js:98:2:98:1 | this | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} |
| tst.js:98:2:103:1 | 'arguments' object of anonymous function | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} |
| tst.js:98:2:103:1 | [function self-reference] functio ... + z;\\n} | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} |
| tst.js:98:2:103:1 | exceptional return of anonymous function | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} |
| tst.js:98:2:103:1 | functio ... + z;\\n} | tst.js:85:5:85:28 | vs2 = ( ... o) v ) |
@@ -532,7 +516,6 @@ basicBlock
| tst.js:105:6:105:6 | y | tst.js:105:6:105:6 | y |
| tst.js:107:1:113:2 | (functi ... v2c;\\n}) | tst.js:107:1:113:3 | (functi ... 2c;\\n}); |
| tst.js:107:2:107:1 | this | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} |
| tst.js:107:2:113:1 | 'arguments' object of anonymous function | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} |
| tst.js:107:2:113:1 | [function self-reference] functio ... v2c;\\n} | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} |
| tst.js:107:2:113:1 | exceptional return of anonymous function | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} |
| tst.js:107:2:113:1 | functio ... v2c;\\n} | tst.js:107:1:113:3 | (functi ... 2c;\\n}); |
@@ -1479,7 +1462,6 @@ sources
| arguments.js:1:1:1:0 | this |
| arguments.js:1:1:12:4 | (functi ... );\\n})() |
| arguments.js:1:2:1:1 | this |
| arguments.js:1:2:12:1 | 'arguments' object of anonymous function |
| arguments.js:1:2:12:1 | functio ... , 3);\\n} |
| arguments.js:1:2:12:1 | return of anonymous function |
| arguments.js:2:5:2:4 | this |
@@ -1495,7 +1477,6 @@ sources
| arguments.js:11:5:11:14 | f(1, 2, 3) |
| eval.js:1:1:1:0 | this |
| eval.js:1:1:1:0 | this |
| eval.js:1:1:5:1 | 'arguments' object of function k |
| eval.js:1:1:5:1 | functio ... eval`\\n} |
| eval.js:1:1:5:1 | return of function k |
| eval.js:3:3:3:6 | eval |
@@ -1505,18 +1486,15 @@ sources
| sources.js:1:1:1:0 | this |
| sources.js:1:1:1:12 | new (x => x) |
| sources.js:1:6:1:6 | x |
| sources.js:1:6:1:11 | 'arguments' object of anonymous function |
| sources.js:1:6:1:11 | return of anonymous function |
| sources.js:1:6:1:11 | x => x |
| sources.js:3:1:5:6 | (functi ... \\n})(23) |
| sources.js:3:2:3:1 | this |
| sources.js:3:2:5:1 | 'arguments' object of anonymous function |
| sources.js:3:2:5:1 | functio ... x+19;\\n} |
| sources.js:3:2:5:1 | return of anonymous function |
| sources.js:3:11:3:11 | x |
| sources.js:7:1:7:3 | /x/ |
| sources.js:9:1:9:0 | this |
| sources.js:9:1:12:1 | 'arguments' object of function foo |
| sources.js:9:1:12:1 | functio ... ey; }\\n} |
| sources.js:9:1:12:1 | return of function foo |
| sources.js:9:14:9:18 | array |
@@ -1526,14 +1504,12 @@ sources
| tst2.ts:1:1:1:0 | this |
| tst2.ts:3:3:3:8 | setX() |
| tst2.ts:7:1:7:0 | this |
| tst2.ts:7:1:9:1 | 'arguments' object of function setX |
| tst2.ts:7:1:9:1 | functio ... = 23;\\n} |
| tst2.ts:7:1:9:1 | return of function setX |
| tst2.ts:8:3:8:5 | A.x |
| tst2.ts:11:11:11:13 | A.x |
| tst2.ts:13:1:13:40 | class S ... ing> {} |
| tst2.ts:13:26:13:29 | List |
| tst2.ts:13:39:13:38 | 'arguments' object of default constructor of class StringList |
| tst2.ts:13:39:13:38 | (...arg ... rgs); } |
| tst2.ts:13:39:13:38 | args |
| tst2.ts:13:39:13:38 | return of default constructor of class StringList |
@@ -1547,7 +1523,6 @@ sources
| tst.js:4:9:4:12 | "hi" |
| tst.js:16:1:20:9 | (functi ... ("arg") |
| tst.js:16:2:16:1 | this |
| tst.js:16:2:20:1 | 'arguments' object of function f |
| tst.js:16:2:20:1 | functio ... n "";\\n} |
| tst.js:16:2:20:1 | return of function f |
| tst.js:16:13:16:13 | a |
@@ -1558,18 +1533,15 @@ sources
| tst.js:20:4:20:8 | "arg" |
| tst.js:22:7:22:18 | readFileSync |
| tst.js:28:1:30:3 | (() =>\\n ... les\\n)() |
| tst.js:28:2:29:3 | 'arguments' object of anonymous function |
| tst.js:28:2:29:3 | () =>\\n x |
| tst.js:28:2:29:3 | return of anonymous function |
| tst.js:32:1:32:0 | this |
| tst.js:32:1:34:1 | 'arguments' object of function g |
| tst.js:32:1:34:1 | functio ... ables\\n} |
| tst.js:32:1:34:1 | return of function g |
| tst.js:32:12:32:12 | b |
| tst.js:35:1:35:7 | g(true) |
| tst.js:37:9:42:1 | {\\n x: ... ;\\n }\\n} |
| tst.js:39:4:39:3 | this |
| tst.js:39:4:41:3 | 'arguments' object of method m |
| tst.js:39:4:41:3 | () {\\n this;\\n } |
| tst.js:39:4:41:3 | return of method m |
| tst.js:43:1:43:3 | o.x |
@@ -1581,7 +1553,6 @@ sources
| tst.js:49:1:54:1 | class A ... `\\n }\\n} |
| tst.js:49:17:49:17 | B |
| tst.js:50:14:50:13 | this |
| tst.js:50:14:53:3 | 'arguments' object of constructor of class A |
| tst.js:50:14:53:3 | () {\\n ... et`\\n } |
| tst.js:50:14:53:3 | return of constructor of class A |
| tst.js:51:5:51:13 | super(42) |
@@ -1591,7 +1562,6 @@ sources
| tst.js:61:3:61:5 | o.m |
| tst.js:62:1:62:4 | o::g |
| tst.js:64:1:64:0 | this |
| tst.js:64:1:67:1 | 'arguments' object of function h |
| tst.js:64:1:67:1 | functio ... lysed\\n} |
| tst.js:64:1:67:1 | return of function h |
| tst.js:65:3:65:10 | yield 42 |
@@ -1600,7 +1570,6 @@ sources
| tst.js:69:1:69:9 | iter.next |
| tst.js:69:1:69:13 | iter.next(23) |
| tst.js:71:1:71:0 | this |
| tst.js:71:1:73:1 | 'arguments' object of function k |
| tst.js:71:1:73:1 | async f ... lysed\\n} |
| tst.js:71:1:73:1 | return of function k |
| tst.js:72:3:72:11 | await p() |
@@ -1613,7 +1582,6 @@ sources
| tst.js:85:11:85:28 | ( for (v of o) v ) |
| tst.js:87:1:96:2 | (functi ... r: 0\\n}) |
| tst.js:87:2:87:1 | this |
| tst.js:87:2:92:1 | 'arguments' object of anonymous function |
| tst.js:87:2:92:1 | functio ... + z;\\n} |
| tst.js:87:2:92:1 | return of anonymous function |
| tst.js:87:11:87:24 | { p: x, ...o } |
@@ -1624,7 +1592,6 @@ sources
| tst.js:92:4:96:1 | {\\n p: ... r: 0\\n} |
| tst.js:98:1:103:17 | (functi ... 3, 0 ]) |
| tst.js:98:2:98:1 | this |
| tst.js:98:2:103:1 | 'arguments' object of anonymous function |
| tst.js:98:2:103:1 | functio ... + z;\\n} |
| tst.js:98:2:103:1 | return of anonymous function |
| tst.js:98:11:98:24 | [ x, ...rest ] |
@@ -1634,7 +1601,6 @@ sources
| tst.js:101:7:101:7 | z |
| tst.js:103:4:103:16 | [ 19, 23, 0 ] |
| tst.js:107:2:107:1 | this |
| tst.js:107:2:113:1 | 'arguments' object of anonymous function |
| tst.js:107:2:113:1 | functio ... v2c;\\n} |
| tst.js:107:2:113:1 | return of anonymous function |
| tst.js:108:7:108:9 | v1a |

3
javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected
View File

@@ -16,10 +16,9 @@ postHasUniquePre
uniquePostUpdate
postIsInSameCallable
reverseRead
| tst.js:109:11:113:3 | 'arguments' object of anonymous function | Origin of readStep is missing a PostUpdateNode. |
| tst.js:109:11:113:3 | [dynamic parameter array] | Origin of readStep is missing a PostUpdateNode. |
| tst.js:267:28:267:31 | map3 | Origin of readStep is missing a PostUpdateNode. |
argHasPostUpdate
| tst.js:219:18:219:27 | [source()] | ArgumentNode is missing PostUpdateNode. |
postWithInFlow
| file://:0:0:0:0 | [summary] to write: Argument[1] in Array method with flow into callback | PostUpdateNode should not be the target of local flow. |
| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#filter | PostUpdateNode should not be the target of local flow. |

31
javascript/ql/test/library-tests/FlowSummary/tst.js
View File

@@ -268,3 +268,34 @@ function m17() {
sink(value); // NOT OK
}
}
function m18() {
const staticParam0 = mkSummary("Argument[0]", "ReturnValue");
const staticParam1 = mkSummary("Argument[1]", "ReturnValue");
const dynamicParam0 = mkSummary("Argument[0..]", "ReturnValue");
const dynamicParam1 = mkSummary("Argument[1..]", "ReturnValue");
sink(staticParam0(...[source()])); // NOT OK
sink(staticParam0(...["safe", source()])); // OK
sink(staticParam0(...[source(), "safe", ])); // NOT OK
sink(staticParam0("safe", ...[source()])); // OK
sink(staticParam0(source(), ...["safe"])); // NOT OK
sink(staticParam1(...[source()])); // OK
sink(staticParam1(...["safe", source()])); // NOT OK
sink(staticParam1(...[source(), "safe", ])); // OK
sink(staticParam1("safe", ...[source()])); // NOT OK
sink(staticParam1(source(), ...["safe"])); // OK
sink(dynamicParam0(...[source()])); // NOT OK
sink(dynamicParam0(...["safe", source()])); // NOT OK
sink(dynamicParam0(...[source(), "safe", ])); // NOT OK
sink(dynamicParam0("safe", ...[source()])); // NOT OK
sink(dynamicParam0(source(), ...["safe"])); // NOT OK
sink(dynamicParam1(...[source()])); // OK
sink(dynamicParam1(...["safe", source()])); // NOT OK
sink(dynamicParam1(...[source(), "safe", ])); // OK
sink(dynamicParam1("safe", ...[source()])); // NOT OK
sink(dynamicParam1(source(), ...["safe"])); // OK
}

2
javascript/ql/test/library-tests/Promises/flow2.js
View File

@@ -2,7 +2,7 @@
var source = "source";
Promise.all([source, "clean"]).then((arr) => {
sink(arr); // OK
sink(arr); // NOT OK - implicit read of array element
sink(arr[0]); // NOT OK
sink(arr[1]); // OK
})

2
javascript/ql/test/library-tests/Promises/tests.expected
View File

@@ -274,6 +274,7 @@ flow
| flow.js:136:15:136:22 | "source" | flow.js:142:7:142:19 | await async() |
| flow.js:136:15:136:22 | "source" | flow.js:155:9:155:9 | e |
exclusiveTaintFlow
| flow2.js:2:15:2:22 | "source" | flow2.js:5:8:5:10 | arr |
| flow.js:136:15:136:22 | "source" | flow.js:141:7:141:13 | async() |
| flow.js:160:15:160:22 | "source" | flow.js:164:39:164:39 | x |
| flow.js:160:15:160:22 | "source" | flow.js:167:7:167:9 | foo |
@@ -466,3 +467,4 @@ typetrack
valueFlowDifference
| flow2.js:2:15:2:22 | "source" | flow2.js:20:7:20:14 | tainted3 | only flow with NEW data flow library |
taintFlowDifference
| flow2.js:2:15:2:22 | "source" | flow2.js:5:8:5:10 | arr | only flow with NEW data flow library |

33
javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected
View File

@@ -1,5 +1,15 @@
legacyDataFlowDifference
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:27:8:27:13 | arr[0] | only flow with OLD data flow library |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:33:8:33:13 | arr[0] | only flow with OLD data flow library |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:35:8:35:13 | arr[2] | only flow with OLD data flow library |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:36:8:36:13 | arr[3] | only flow with OLD data flow library |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:37:8:37:13 | arr[4] | only flow with OLD data flow library |
| bound-function.js:27:8:27:15 | source() | bound-function.js:30:10:30:10 | y | only flow with OLD data flow library |
| call-apply.js:27:14:27:21 | source() | call-apply.js:24:8:24:11 | arg1 | only flow with NEW data flow library |
| call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | foo1.ap ... e, ""]) | only flow with NEW data flow library |
| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | only flow with NEW data flow library |
| call-apply.js:27:14:27:21 | source() | call-apply.js:41:6:41:28 | foo1_ca ... ource]) | only flow with OLD data flow library |
| call-apply.js:27:14:27:21 | source() | call-apply.js:59:10:59:21 | arguments[1] | only flow with OLD data flow library |
| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | only flow with NEW data flow library |
| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library |
| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | only flow with NEW data flow library |
@@ -24,6 +34,9 @@ legacyDataFlowDifference
| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:28:10:28:30 | sanitiz ... bj).foo | only flow with OLD data flow library |
| promise.js:12:20:12:27 | source() | promise.js:13:8:13:23 | resolver.promise | only flow with OLD data flow library |
| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library |
| spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y | only flow with NEW data flow library |
| spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y | only flow with NEW data flow library |
| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library |
consistencyIssue
| library-tests/TaintTracking/nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency |
| library-tests/TaintTracking/stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency |
@@ -42,13 +55,8 @@ flow
| array-mutation.js:39:17:39:24 | source() | array-mutation.js:40:8:40:8 | j |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:17:8:17:13 | arr[1] |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:22:8:22:13 | arr[6] |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:27:8:27:13 | arr[0] |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:28:8:28:13 | arr[1] |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:33:8:33:13 | arr[0] |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:34:8:34:13 | arr[1] |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:35:8:35:13 | arr[2] |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:36:8:36:13 | arr[3] |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:37:8:37:13 | arr[4] |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:38:8:38:13 | arr[5] |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:43:10:43:15 | arr[i] |
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:55:10:55:15 | arr[i] |
@@ -71,11 +79,8 @@ flow
| call-apply.js:27:14:27:21 | source() | call-apply.js:24:8:24:11 | arg1 |
| call-apply.js:27:14:27:21 | source() | call-apply.js:29:6:29:32 | foo1.ca ... ce, "") |
| call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | foo1.ap ... e, ""]) |
| call-apply.js:27:14:27:21 | source() | call-apply.js:33:6:33:35 | foo2.ap ... e, ""]) |
| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) |
| call-apply.js:27:14:27:21 | source() | call-apply.js:40:6:40:28 | foo1_ca ... e, ""]) |
| call-apply.js:27:14:27:21 | source() | call-apply.js:41:6:41:28 | foo1_ca ... ource]) |
| call-apply.js:27:14:27:21 | source() | call-apply.js:59:10:59:21 | arguments[1] |
| call-apply.js:27:14:27:21 | source() | call-apply.js:62:10:62:21 | arguments[0] |
| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) |
| call-apply.js:81:17:81:24 | source() | call-apply.js:78:8:78:11 | this |
@@ -250,10 +255,12 @@ flow
| sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:93:8:93:8 | x |
| sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:98:7:98:7 | x |
| sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:104:7:104:7 | x |
| spread.js:2:15:2:22 | source() | spread.js:4:8:4:19 | { ...taint } |
| spread.js:2:15:2:22 | source() | spread.js:5:8:5:43 | { f: 'h ... orld' } |
| spread.js:2:15:2:22 | source() | spread.js:7:8:7:19 | [ ...taint ] |
| spread.js:2:15:2:22 | source() | spread.js:8:8:8:28 | [ 1, 2, ... nt, 3 ] |
| spread.js:4:15:4:22 | source() | spread.js:6:8:6:19 | { ...taint } |
| spread.js:4:15:4:22 | source() | spread.js:7:8:7:43 | { f: 'h ... orld' } |
| spread.js:4:15:4:22 | source() | spread.js:9:8:9:19 | [ ...taint ] |
| spread.js:4:15:4:22 | source() | spread.js:10:8:10:28 | [ 1, 2, ... nt, 3 ] |
| spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y |
| spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y |
| static-capture-groups.js:2:17:2:24 | source() | static-capture-groups.js:5:14:5:22 | RegExp.$1 |
| static-capture-groups.js:2:17:2:24 | source() | static-capture-groups.js:15:14:15:22 | RegExp.$1 |
| static-capture-groups.js:2:17:2:24 | source() | static-capture-groups.js:17:14:17:22 | RegExp.$1 |
@@ -291,6 +298,8 @@ flow
| tst.js:2:13:2:20 | source() | tst.js:48:10:48:22 | new Buffer(x) |
| tst.js:2:13:2:20 | source() | tst.js:51:10:51:31 | seriali ... ript(x) |
| tst.js:2:13:2:20 | source() | tst.js:54:14:54:19 | unsafe |
| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured |
| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x |
| xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text |
| xml.js:12:17:12:24 | source() | xml.js:13:14:13:19 | result |
| xml.js:23:18:23:25 | source() | xml.js:20:14:20:17 | attr |

8
javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected
View File

@@ -1,6 +1,8 @@
legacyDataFlowDifference
| arrays-init.js:2:16:2:23 | source() | arrays-init.js:38:8:38:13 | arr[5] | only flow with NEW data flow library |
| bound-function.js:27:8:27:15 | source() | bound-function.js:30:10:30:10 | y | only flow with OLD data flow library |
| call-apply.js:27:14:27:21 | source() | call-apply.js:24:8:24:11 | arg1 | only flow with NEW data flow library |
| call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | foo1.ap ... e, ""]) | only flow with NEW data flow library |
| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | only flow with NEW data flow library |
| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | only flow with NEW data flow library |
| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library |
@@ -22,8 +24,11 @@ legacyDataFlowDifference
| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | only flow with NEW data flow library |
| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | only flow with NEW data flow library |
| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library |
| spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y | only flow with NEW data flow library |
| spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y | only flow with NEW data flow library |
| tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary | only flow with NEW data flow library |
| tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary | only flow with NEW data flow library |
| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library |
flow
| access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x |
| advanced-callgraph.js:2:13:2:20 | source() | advanced-callgraph.js:6:22:6:22 | v |
@@ -177,9 +182,12 @@ flow
| sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:98:7:98:7 | x |
| sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:102:10:102:10 | x |
| sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:104:7:104:7 | x |
| spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y |
| spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y |
| thisAssignments.js:4:17:4:24 | source() | thisAssignments.js:5:10:5:18 | obj.field |
| thisAssignments.js:7:19:7:26 | source() | thisAssignments.js:8:10:8:20 | this.field2 |
| tst.js:2:13:2:20 | source() | tst.js:4:10:4:10 | x |
| tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary |
| tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary |
| tst.js:2:13:2:20 | source() | tst.js:54:14:54:19 | unsafe |
| use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x |

10
javascript/ql/test/library-tests/TaintTracking/arrays-init.js
View File

@@ -24,17 +24,17 @@
console.log("=== access by index (init by [...]) ===");
var arr = [str, source];
sink(arr[0]); // OK [INCONSISTENCY]
sink(arr[0]); // OK
sink(arr[1]); // NOT OK
sink(str); // OK
console.log("=== access by index (init by [...], array.lenght > 5) ===");
var arr = [str, source, 'b', 'c', 'd', source];
sink(arr[0]); // OK [INCONSISTENCY]
sink(arr[0]); // OK
sink(arr[1]); // NOT OK
sink(arr[2]); // OK [INCONSISTENCY]
sink(arr[3]); // OK [INCONSISTENCY]
sink(arr[4]); // OK [INCONSISTENCY]
sink(arr[2]); // OK
sink(arr[3]); // OK
sink(arr[4]); // OK
sink(arr[5]); // NOT OK
console.log("=== access in for (init by [...]) ===");

6
javascript/ql/test/library-tests/TaintTracking/call-apply.js
View File

@@ -30,7 +30,7 @@ sink(foo1.call(null, source, "")); // NOT OK
sink(foo2.call(null, source, "")); // OK
sink(foo1.apply(null, [source, ""])); // NOT OK
sink(foo2.apply(null, [source, ""])); // OK [INCONSISTENCY]
sink(foo2.apply(null, [source, ""])); // OK
sink(foo1_apply([source, ""])); // NOT OK
foo1_apply_sink([source, ""]); // This works, because we don't need a return after a call (the sink is inside the called function).
@@ -38,7 +38,7 @@ foo1_apply_sink([source, ""]); // This works, because we don't need a return aft
sink(foo1_apply.apply(["", source])); // OK
sink(foo1_call([source, ""])); // NOT OK
sink(foo1_call(["", source])); // OK [INCONSISTENCY]
sink(foo1_call(["", source])); // OK
var obj = {
@@ -56,7 +56,7 @@ sink(foo(obj)); // NOT OK
function argumentsObject() {
function sinkArguments1() {
sink(arguments[1]); // OK [INCONSISTENCY]
sink(arguments[1]); // OK
}
function sinkArguments0() {
sink(arguments[0]); // NOT OK

19
javascript/ql/test/library-tests/TaintTracking/spread.js
View File

@@ -1,9 +1,26 @@
import 'dummy';
function test() {
let taint = source();
sink({ ...taint }); // NOT OK
sink({ f: 'hello', ...taint, g: 'world' }); // NOT OK
sink([ ...taint ]); // NOT OK
sink([ 1, 2, ...taint, 3 ]); // NOT OK
fn1(...['x', taint, 'z']);
fn2.apply(undefined, ['x', taint, 'z']);
}
function fn1(x, y, z) {
sink(x);
sink(y); // NOT OK
sink(z);
}
function fn2(x, y, z) {
sink(x);
sink(y); // NOT OK
sink(z);
}

17
javascript/ql/test/library-tests/TaintTracking/use-use-after-implicit-read.js Normal file
View File

@@ -0,0 +1,17 @@
import 'dummy';
function f(x) {
let captured;
function inner() { captured; captured = "sdf"; }
captured = [source(), "safe", x];
sink(captured); // NOT OK - implicit read of ArrayElement
g.apply(undefined, captured); // with use-use flow the output of an implicit read might flow here
return captured;
}
function g(x, y) {
sink(x); // NOT OK
sink(y); // OK
}

0
javascript/ql/test/library-tests/TripleDot/test.expected Normal file
View File

3
javascript/ql/test/library-tests/TripleDot/test.ql Normal file
View File

@@ -0,0 +1,3 @@
import javascript
import testUtilities.InlineFlowTest
import DefaultFlowTest

174
javascript/ql/test/library-tests/TripleDot/tst.js Normal file
View File

@@ -0,0 +1,174 @@
import 'dummy';
function t1() {
function target(...rest) {
sink(rest[0]); // $ hasValueFlow=t1.1
sink(rest[1]); // $ hasValueFlow=t1.2
sink(rest.join(',')); // $ hasTaintFlow=t1.1 hasTaintFlow=t1.2
}
target(source('t1.1'), source('t1.2'));
}
function t2() {
function target(x, ...rest) {
sink(x); // $ hasValueFlow=t2.1
sink(rest.join(',')); // $ hasTaintFlow=t2.2 hasTaintFlow=t2.3
}
target(source('t2.1'), source('t2.2'), source('t2.3'));
}
function t3() {
function finalTarget(x, y, z) {
sink(x); // $ hasValueFlow=t3.1
sink(y); // $ hasValueFlow=t3.2
sink(z); // $ hasValueFlow=t3.3
}
function target(...rest) {
finalTarget(...rest);
}
target(source('t3.1'), source('t3.2'), source('t3.3'));
}
function t4() {
function finalTarget(w, x, y, z) {
sink(w); // $ hasValueFlow=t4.0
sink(x); // $ hasValueFlow=t4.1
sink(y); // $ hasValueFlow=t4.2
sink(z); // $ hasValueFlow=t4.3
}
function target(...rest) {
finalTarget(source('t4.0'), ...rest);
}
target(source('t4.1'), source('t4.2'), source('t4.3'));
}
function t5() {
function finalTarget(w, x, y, z) {
sink(w); // $ hasValueFlow=t5.0
sink(x); // $ hasValueFlow=t5.1
sink(y); // $ hasValueFlow=t5.2
sink(z); // $ hasValueFlow=t5.3
}
function target(array) {
finalTarget(source('t5.0'), ...array);
}
target([source('t5.1'), source('t5.2'), source('t5.3')]);
}
function t6() {
function target(x) {
sink(x); // $ hasValueFlow=t6.1
sink(arguments[0]);// $ hasValueFlow=t6.1
sink(arguments[1]);// $ hasValueFlow=t6.2
sink(arguments[2]);// $ hasValueFlow=t6.3
}
target(source('t6.1'), source('t6.2'), source('t6.3'));
}
function t7() {
function finalTarget(x, y, z) {
sink(x); // $ hasValueFlow=t7.1
sink(y); // $ hasValueFlow=t7.2
sink(z); // $ hasValueFlow=t7.3
}
function target() {
finalTarget(...arguments);
}
target(source('t7.1'), source('t7.2'), source('t7.3'));
}
function t8() {
function finalTarget(x, y, z) {
sink(x); // $ hasValueFlow=t8.1 SPURIOUS: hasValueFlow=t8.3 hasValueFlow=t8.4
sink(y); // $ hasValueFlow=t8.2 SPURIOUS: hasValueFlow=t8.3 hasValueFlow=t8.4
sink(z); // $ hasValueFlow=t8.3 SPURIOUS: hasValueFlow=t8.3 hasValueFlow=t8.4
}
function target(array1, array2) {
finalTarget(...array1, ...array2);
}
target([source('t8.1'), source('t8.2')], [source('t8.3'), source('t8.4')]);
}
function t9() {
function finalTarget(x, y, z) {
sink(x); // $ hasValueFlow=t9.1
sink(y); // $ hasValueFlow=t9.2
sink(z); // $ hasValueFlow=t9.3
}
function target() {
finalTarget.apply(undefined, arguments);
}
target(source('t9.1'), source('t9.2'), source('t9.3'));
}
function t10() {
function finalTarget(x, y, z) {
sink(x); // $ hasValueFlow=t10.1
sink(y); // $ hasValueFlow=t10.2
sink(z); // $ hasValueFlow=t10.3
}
function target(...rest) {
finalTarget.apply(undefined, rest);
}
target(source('t10.1'), source('t10.2'), source('t10.3'));
}
function t11() {
function target(x, y) {
sink(x); // $ hasTaintFlow=t11.1
sink(y); // $ hasTaintFlow=t11.1
}
target(...source('t11.1'));
}
function t12() {
function target(x, y) {
sink(x); // $ SPURIOUS: hasTaintFlow=t12.1
sink(y); // $ hasTaintFlow=t12.1
}
target("safe", ...source('t12.1'));
}
function t13() {
function target(x, y, ...rest) {
sink(x); // $ SPURIOUS: hasTaintFlow=t13.1
sink(y); // $ hasTaintFlow=t13.1
sink(rest); // $ hasTaintFlow=t13.1
sink(rest[0]); // $ MISSING: hasTaintFlow=t13.1
}
target("safe", ...source('t13.1'));
}
function t14() {
function target(x, y, ...rest) {
sink(x); // $ hasValueFlow=t14.1
sink(y); // $ hasValueFlow=t14.1
sink(rest.pop()); // $ hasValueFlow=t14.1
sink(rest); // $ hasTaintFlow=t14.1
}
const args = new Array(Math.floor(Math.random() * 10));
args.push(source('t14.1'));
target(...args);
}
function t15() {
function target(safe, x, y, ...rest) {
sink(safe); // $ SPURIOUS: hasValueFlow=t15.1
sink(x); // $ hasValueFlow=t15.1
sink(y); // $ hasValueFlow=t15.1
sink(rest.pop()); // $ hasValueFlow=t15.1
sink(rest); // $ hasTaintFlow=t15.1
}
const args = new Array(Math.floor(Math.random() * 10));
args.push(source('t15.1'));
target('safe', ...args);
}
function t16() {
let array = new Array(Math.floor(Math.random() * 10))
array.push(source("t16.1"));
sink(array[0]); // $ MISSING: hasValueFlow=t16.1 SPURIOUS: hasTaintFlow=t16.1
sink(array[1]); // $ MISSING: hasValueFlow=t16.1 SPURIOUS: hasTaintFlow=t16.1
sink(array[2]); // $ MISSING: hasValueFlow=t16.1 SPURIOUS: hasTaintFlow=t16.1
sink(array); // $ hasTaintFlow=t16.1
}

8
javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected
View File

@@ -1,10 +1,10 @@
legacyDataFlowDifference
| each.js:11:9:11:16 | source() | each.js:13:12:13:15 | item | only flow with OLD data flow library |
| map.js:10:13:10:20 | source() | map.js:12:14:12:17 | item | only flow with OLD data flow library |
| map.js:26:13:26:20 | source() | map.js:28:27:28:32 | result | only flow with OLD data flow library |
| sortBy.js:10:22:10:29 | source() | sortBy.js:12:27:12:32 | result | only flow with OLD data flow library |
#select
| each.js:11:9:11:16 | source() | each.js:13:12:13:15 | item |
| map.js:10:13:10:20 | source() | map.js:12:14:12:17 | item |
| map.js:20:19:20:26 | source() | map.js:23:27:23:32 | result |
| map.js:26:13:26:20 | source() | map.js:28:27:28:32 | result |
| sortBy.js:10:22:10:29 | source() | sortBy.js:12:27:12:32 | result |
| waterfall.js:8:30:8:37 | source() | waterfall.js:11:12:11:16 | taint |
| waterfall.js:8:30:8:37 | source() | waterfall.js:20:10:20:14 | taint |
| waterfall.js:28:18:28:25 | source() | waterfall.js:39:10:39:12 | err |

1
javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected
View File

@@ -14,7 +14,6 @@ edges
| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | provenance | |
| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance | |
| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance | |
| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | provenance | |
| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | provenance | |
| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | provenance | |

37
javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected
View File

@@ -16,6 +16,7 @@ edges
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | provenance | |
| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | provenance | |
@@ -26,12 +27,18 @@ edges
| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd | provenance | |
| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | provenance | |
| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | provenance | |
| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | |
| child_process-test.js:46:9:46:17 | args [1] | child_process-test.js:49:15:49:18 | args [1] | provenance | |
| child_process-test.js:48:5:48:8 | [post update] args [1] | child_process-test.js:46:9:46:17 | args [1] | provenance | |
| child_process-test.js:48:15:48:17 | cmd | child_process-test.js:48:5:48:8 | [post update] args [1] | provenance | |
| child_process-test.js:49:15:49:18 | args [1] | child_process-test.js:66:19:66:22 | args [1] | provenance | |
| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) [ArrayElement] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | |
| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | |
| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | |
| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] | provenance | |
| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) [ArrayElement] | provenance | |
| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | provenance | |
| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) [ArrayElement] | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | provenance | |
| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | provenance | |
| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) [ArrayElement] | provenance | |
| child_process-test.js:66:19:66:22 | args [1] | child_process-test.js:66:19:66:22 | args | provenance | |
| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | provenance | |
| child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:9:73:49 | cmd | provenance | |
| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | provenance | |
@@ -46,26 +53,18 @@ edges
| exec-sh.js:19:15:19:38 | url.par ... , true) | exec-sh.js:19:9:19:49 | cmd | provenance | |
| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) | provenance | |
| exec-sh.js:20:12:20:14 | cmd | exec-sh.js:13:17:13:23 | command | provenance | |
| execSeries.js:3:20:3:22 | arr | execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | provenance | |
| execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr | provenance | |
| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | provenance | |
| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:6:14:6:16 | arr [0] | provenance | |
| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | execSeries.js:6:14:6:16 | arr [0] | provenance | |
| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | execSeries.js:6:14:6:16 | arr | provenance | |
| execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] | provenance | |
| execSeries.js:6:14:6:16 | arr [0] | execSeries.js:6:14:6:21 | arr[i++] | provenance | |
| execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command | provenance | |
| execSeries.js:13:19:13:26 | commands | execSeries.js:14:13:14:20 | commands | provenance | |
| execSeries.js:13:19:13:26 | commands [0] | execSeries.js:14:13:14:20 | commands [0] | provenance | |
| execSeries.js:14:13:14:20 | commands | execSeries.js:3:20:3:22 | arr | provenance | |
| execSeries.js:14:13:14:20 | commands [0] | execSeries.js:3:20:3:22 | arr [0] | provenance | |
| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command | provenance | |
| execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd | provenance | |
| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:7:18:58 | cmd | provenance | |
| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) | provenance | |
| execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands | provenance | |
| execSeries.js:19:12:19:16 | [cmd] [0] | execSeries.js:13:19:13:26 | commands [0] | provenance | |
| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] | provenance | |
| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] [0] | provenance | |
| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | provenance | |
| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file | provenance | |
@@ -127,15 +126,22 @@ nodes
| child_process-test.js:25:21:25:23 | cmd | semmle.label | cmd |
| child_process-test.js:39:26:39:28 | cmd | semmle.label | cmd |
| child_process-test.js:43:15:43:17 | cmd | semmle.label | cmd |
| child_process-test.js:46:9:46:17 | args [1] | semmle.label | args [1] |
| child_process-test.js:48:5:48:8 | [post update] args [1] | semmle.label | [post update] args [1] |
| child_process-test.js:48:15:48:17 | cmd | semmle.label | cmd |
| child_process-test.js:48:15:48:17 | cmd | semmle.label | cmd |
| child_process-test.js:49:15:49:18 | args [1] | semmle.label | args [1] |
| child_process-test.js:53:15:53:17 | cmd | semmle.label | cmd |
| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | semmle.label | ['/C', ... , cmd]) |
| child_process-test.js:56:46:56:57 | ["bar", cmd] | semmle.label | ["bar", cmd] |
| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) [ArrayElement] | semmle.label | ['/C', ... , cmd]) [ArrayElement] |
| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | semmle.label | ["bar", cmd] [1] |
| child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd |
| child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd |
| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | semmle.label | ['/C', ... at(cmd) |
| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) [ArrayElement] | semmle.label | ['/C', ... at(cmd) [ArrayElement] |
| child_process-test.js:57:46:57:48 | cmd | semmle.label | cmd |
| child_process-test.js:66:19:66:22 | args | semmle.label | args |
| child_process-test.js:66:19:66:22 | args [1] | semmle.label | args [1] |
| child_process-test.js:73:9:73:49 | cmd | semmle.label | cmd |
| child_process-test.js:73:15:73:38 | url.par ... , true) | semmle.label | url.par ... , true) |
| child_process-test.js:73:25:73:31 | req.url | semmle.label | req.url |
@@ -155,23 +161,17 @@ nodes
| exec-sh.js:19:15:19:38 | url.par ... , true) | semmle.label | url.par ... , true) |
| exec-sh.js:19:25:19:31 | req.url | semmle.label | req.url |
| exec-sh.js:20:12:20:14 | cmd | semmle.label | cmd |
| execSeries.js:3:20:3:22 | arr | semmle.label | arr |
| execSeries.js:3:20:3:22 | arr [0] | semmle.label | arr [0] |
| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | semmle.label | (functi ... );\\n }) [arr, 0] |
| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | semmle.label | (functi ... );\\n }) [arr] |
| execSeries.js:6:14:6:16 | arr | semmle.label | arr |
| execSeries.js:6:14:6:16 | arr [0] | semmle.label | arr [0] |
| execSeries.js:6:14:6:21 | arr[i++] | semmle.label | arr[i++] |
| execSeries.js:13:19:13:26 | commands | semmle.label | commands |
| execSeries.js:13:19:13:26 | commands [0] | semmle.label | commands [0] |
| execSeries.js:14:13:14:20 | commands | semmle.label | commands |
| execSeries.js:14:13:14:20 | commands [0] | semmle.label | commands [0] |
| execSeries.js:14:24:14:30 | command | semmle.label | command |
| execSeries.js:14:41:14:47 | command | semmle.label | command |
| execSeries.js:18:7:18:58 | cmd | semmle.label | cmd |
| execSeries.js:18:13:18:47 | require ... , true) | semmle.label | require ... , true) |
| execSeries.js:18:34:18:40 | req.url | semmle.label | req.url |
| execSeries.js:19:12:19:16 | [cmd] | semmle.label | [cmd] |
| execSeries.js:19:12:19:16 | [cmd] [0] | semmle.label | [cmd] [0] |
| execSeries.js:19:13:19:15 | cmd | semmle.label | cmd |
| form-parsers.js:9:8:9:39 | "touch ... nalname | semmle.label | "touch ... nalname |
@@ -239,6 +239,7 @@ subpaths
| child_process-test.js:57:5:57:50 | cp.spaw ... t(cmd)) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:62:5:62:39 | cp.exec ... , args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:53:15:53:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:48:15:48:17 | cmd | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:67:3:67:21 | cp.spawn(cmd, args) | child_process-test.js:6:25:6:31 | req.url | child_process-test.js:66:19:66:22 | args | This command line depends on a $@. | child_process-test.js:6:25:6:31 | req.url | user-provided value |
| child_process-test.js:75:29:75:31 | cmd | child_process-test.js:73:25:73:31 | req.url | child_process-test.js:75:29:75:31 | cmd | This command line depends on a $@. | child_process-test.js:73:25:73:31 | req.url | user-provided value |
| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | This command line depends on a $@. | child_process-test.js:83:19:83:36 | req.query.fileName | user-provided value |
| child_process-test.js:94:11:94:35 | "ping " ... ms.host | child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | This command line depends on a $@. | child_process-test.js:94:21:94:30 | ctx.params | user-provided value |

20
javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected
View File

@@ -28,10 +28,14 @@ edges
| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | provenance | |
| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:26:32:26:35 | args | provenance | |
| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:27:32:27:35 | args | provenance | |
| command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | command-line-parameter-command-injection.js:27:32:27:35 | args [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | provenance | |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | command-line-parameter-command-injection.js:24:8:24:35 | args | provenance | |
| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) [ArrayElement] | command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:26:32:26:35 | args | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | provenance | |
| command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | provenance | |
| command-line-parameter-command-injection.js:27:32:27:35 | args [ArrayElement] | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | provenance | |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | provenance | |
| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | provenance | |
| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | provenance | |
@@ -71,16 +75,24 @@ edges
| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | provenance | |
| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | provenance | |
| command-line-parameter-command-injection.js:76:8:76:35 | argv | command-line-parameter-command-injection.js:79:31:79:34 | argv | provenance | |
| command-line-parameter-command-injection.js:76:8:76:35 | argv [ArrayElement] | command-line-parameter-command-injection.js:79:31:79:34 | argv [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | provenance | |
| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | command-line-parameter-command-injection.js:76:8:76:35 | argv | provenance | |
| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) [ArrayElement] | command-line-parameter-command-injection.js:76:8:76:35 | argv [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | provenance | |
| command-line-parameter-command-injection.js:79:31:79:34 | argv | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | provenance | Config |
| command-line-parameter-command-injection.js:79:31:79:34 | argv [ArrayElement] | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | provenance | Config |
| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | provenance | |
| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | provenance | |
| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | provenance | Config |
| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) [ArrayElement] | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | provenance | Config |
| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | provenance | |
| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | provenance | |
| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) [ArrayElement] | provenance | |
| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | provenance | Config |
| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) [ArrayElement] | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | provenance | Config |
| command-line-parameter-command-injection.js:88:6:88:37 | flags | command-line-parameter-command-injection.js:89:22:89:26 | flags | provenance | |
| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | command-line-parameter-command-injection.js:88:6:88:37 | flags | provenance | |
| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | provenance | Config |
@@ -144,12 +156,15 @@ nodes
| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | semmle.label | "cmd.sh " + arg0 |
| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | semmle.label | arg0 |
| command-line-parameter-command-injection.js:24:8:24:35 | args | semmle.label | args |
| command-line-parameter-command-injection.js:24:8:24:35 | args [ArrayElement] | semmle.label | args [ArrayElement] |
| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | semmle.label | process.argv |
| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | semmle.label | process ... lice(2) |
| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) [ArrayElement] | semmle.label | process ... lice(2) [ArrayElement] |
| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | semmle.label | `node $ ... ption"` |
| command-line-parameter-command-injection.js:26:32:26:35 | args | semmle.label | args |
| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | semmle.label | `node $ ... ption"` |
| command-line-parameter-command-injection.js:27:32:27:35 | args | semmle.label | args |
| command-line-parameter-command-injection.js:27:32:27:35 | args [ArrayElement] | semmle.label | args [ArrayElement] |
| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | semmle.label | args.join(' ') |
| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | semmle.label | "cmd.sh ... )().foo |
| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | semmle.label | require ... rgs")() |
@@ -199,19 +214,24 @@ nodes
| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | semmle.label | "cmd.sh " + taint4 |
| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | semmle.label | taint4 |
| command-line-parameter-command-injection.js:76:8:76:35 | argv | semmle.label | argv |
| command-line-parameter-command-injection.js:76:8:76:35 | argv [ArrayElement] | semmle.label | argv [ArrayElement] |
| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | semmle.label | process.argv |
| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | semmle.label | process ... lice(2) |
| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) [ArrayElement] | semmle.label | process ... lice(2) [ArrayElement] |
| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | semmle.label | "cmd.sh ... gv).foo |
| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | semmle.label | minimist(argv) |
| command-line-parameter-command-injection.js:79:31:79:34 | argv | semmle.label | argv |
| command-line-parameter-command-injection.js:79:31:79:34 | argv [ArrayElement] | semmle.label | argv [ArrayElement] |
| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | semmle.label | "cmd.sh ... 2)).foo |
| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | semmle.label | subarg( ... ice(2)) |
| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | semmle.label | process.argv |
| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | semmle.label | process ... lice(2) |
| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) [ArrayElement] | semmle.label | process ... lice(2) [ArrayElement] |
| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | semmle.label | "cmd.sh ... 2)).foo |
| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | semmle.label | yargsPa ... ice(2)) |
| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | semmle.label | process.argv |
| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | semmle.label | process ... lice(2) |
| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) [ArrayElement] | semmle.label | process ... lice(2) [ArrayElement] |
| command-line-parameter-command-injection.js:88:6:88:37 | flags | semmle.label | flags |
| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | semmle.label | args.pa ... s.argv) |
| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | semmle.label | process.argv |

29
javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected
View File

@@ -90,16 +90,25 @@ edges
| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | provenance | |
| lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name | provenance | |
| lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr | provenance | |
| lib/lib.js:425:6:425:13 | arr [ArrayElement] | lib/lib.js:427:14:427:16 | arr [ArrayElement] | provenance | |
| lib/lib.js:426:2:426:4 | [post update] arr | lib/lib.js:425:6:425:13 | arr | provenance | |
| lib/lib.js:426:2:426:4 | [post update] arr [ArrayElement] | lib/lib.js:425:6:425:13 | arr [ArrayElement] | provenance | |
| lib/lib.js:426:11:426:14 | name | lib/lib.js:426:2:426:4 | [post update] arr | provenance | |
| lib/lib.js:426:11:426:14 | name | lib/lib.js:426:2:426:4 | [post update] arr [ArrayElement] | provenance | |
| lib/lib.js:427:14:427:16 | arr [ArrayElement] | lib/lib.js:427:14:427:16 | arr | provenance | |
| lib/lib.js:428:14:428:58 | build(" ... + '-') [ArrayElement] | lib/lib.js:428:14:428:58 | build(" ... + '-') | provenance | |
| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ... + '-') | provenance | |
| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ... + '-') [ArrayElement] | provenance | |
| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | provenance | |
| lib/lib.js:428:36:428:39 | name | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | provenance | |
| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | provenance | |
| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | provenance | |
| lib/lib.js:432:6:432:13 | arr | lib/lib.js:437:9:437:11 | arr | provenance | |
| lib/lib.js:432:6:432:13 | arr [ArrayElement] | lib/lib.js:437:9:437:11 | arr [ArrayElement] | provenance | |
| lib/lib.js:436:10:436:12 | [post update] arr | lib/lib.js:432:6:432:13 | arr | provenance | |
| lib/lib.js:436:10:436:12 | [post update] arr [ArrayElement] | lib/lib.js:432:6:432:13 | arr [ArrayElement] | provenance | |
| lib/lib.js:436:19:436:22 | last | lib/lib.js:436:10:436:12 | [post update] arr | provenance | |
| lib/lib.js:436:19:436:22 | last | lib/lib.js:436:10:436:12 | [post update] arr [ArrayElement] | provenance | |
| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | provenance | |
| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | provenance | |
| lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:32 | config | provenance | |
@@ -116,9 +125,10 @@ edges
| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | provenance | |
| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | provenance | |
| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | provenance | |
| lib/lib.js:551:33:551:36 | args | lib/lib.js:552:23:552:26 | args | provenance | |
| lib/lib.js:555:25:555:37 | ["-rf", name] | lib/lib.js:551:33:551:36 | args | provenance | |
| lib/lib.js:555:33:555:36 | name | lib/lib.js:555:25:555:37 | ["-rf", name] | provenance | |
| lib/lib.js:551:33:551:36 | args [1] | lib/lib.js:552:23:552:26 | args [1] | provenance | |
| lib/lib.js:552:23:552:26 | args [1] | lib/lib.js:552:23:552:26 | args | provenance | |
| lib/lib.js:555:25:555:37 | ["-rf", name] [1] | lib/lib.js:551:33:551:36 | args [1] | provenance | |
| lib/lib.js:555:33:555:36 | name | lib/lib.js:555:25:555:37 | ["-rf", name] [1] | provenance | |
| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | provenance | |
| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | provenance | |
| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | provenance | |
@@ -267,19 +277,26 @@ nodes
| lib/lib.js:420:29:420:32 | name | semmle.label | name |
| lib/lib.js:424:24:424:27 | name | semmle.label | name |
| lib/lib.js:425:6:425:13 | arr | semmle.label | arr |
| lib/lib.js:425:6:425:13 | arr [ArrayElement] | semmle.label | arr [ArrayElement] |
| lib/lib.js:426:2:426:4 | [post update] arr | semmle.label | [post update] arr |
| lib/lib.js:426:2:426:4 | [post update] arr [ArrayElement] | semmle.label | [post update] arr [ArrayElement] |
| lib/lib.js:426:11:426:14 | name | semmle.label | name |
| lib/lib.js:426:11:426:14 | name | semmle.label | name |
| lib/lib.js:427:14:427:16 | arr | semmle.label | arr |
| lib/lib.js:427:14:427:16 | arr [ArrayElement] | semmle.label | arr [ArrayElement] |
| lib/lib.js:428:14:428:58 | build(" ... + '-') | semmle.label | build(" ... + '-') |
| lib/lib.js:428:14:428:58 | build(" ... + '-') [ArrayElement] | semmle.label | build(" ... + '-') [ArrayElement] |
| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | semmle.label | (name ? ... ) + '-' |
| lib/lib.js:428:36:428:39 | name | semmle.label | name |
| lib/lib.js:431:23:431:26 | last | semmle.label | last |
| lib/lib.js:432:6:432:13 | arr | semmle.label | arr |
| lib/lib.js:432:6:432:13 | arr [ArrayElement] | semmle.label | arr [ArrayElement] |
| lib/lib.js:436:10:436:12 | [post update] arr | semmle.label | [post update] arr |
| lib/lib.js:436:10:436:12 | [post update] arr [ArrayElement] | semmle.label | [post update] arr [ArrayElement] |
| lib/lib.js:436:19:436:22 | last | semmle.label | last |
| lib/lib.js:436:19:436:22 | last | semmle.label | last |
| lib/lib.js:437:9:437:11 | arr | semmle.label | arr |
| lib/lib.js:437:9:437:11 | arr [ArrayElement] | semmle.label | arr [ArrayElement] |
| lib/lib.js:441:39:441:42 | name | semmle.label | name |
| lib/lib.js:442:24:442:27 | name | semmle.label | name |
| lib/lib.js:446:20:446:23 | name | semmle.label | name |
@@ -301,9 +318,10 @@ nodes
| lib/lib.js:543:23:543:26 | name | semmle.label | name |
| lib/lib.js:545:23:545:26 | name | semmle.label | name |
| lib/lib.js:550:39:550:42 | name | semmle.label | name |
| lib/lib.js:551:33:551:36 | args | semmle.label | args |
| lib/lib.js:551:33:551:36 | args [1] | semmle.label | args [1] |
| lib/lib.js:552:23:552:26 | args | semmle.label | args |
| lib/lib.js:555:25:555:37 | ["-rf", name] | semmle.label | ["-rf", name] |
| lib/lib.js:552:23:552:26 | args [1] | semmle.label | args [1] |
| lib/lib.js:555:25:555:37 | ["-rf", name] [1] | semmle.label | ["-rf", name] [1] |
| lib/lib.js:555:33:555:36 | name | semmle.label | name |
| lib/lib.js:555:33:555:36 | name | semmle.label | name |
| lib/lib.js:558:41:558:44 | name | semmle.label | name |
@@ -341,6 +359,7 @@ subpaths
| lib/lib.js:251:27:251:30 | name | lib/lib.js:239:28:239:28 | s | lib/lib.js:245:9:245:9 | s | lib/lib.js:251:16:251:31 | cleanInput(name) |
| lib/lib.js:340:25:340:25 | n | lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | lib/lib.js:340:22:340:26 | id(n) |
| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | lib/lib.js:437:9:437:11 | arr | lib/lib.js:428:14:428:58 | build(" ... + '-') |
| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | lib/lib.js:437:9:437:11 | arr [ArrayElement] | lib/lib.js:428:14:428:58 | build(" ... + '-') [ArrayElement] |
#select
| lib/isImported.js:6:10:6:25 | "rm -rf " + name | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/isImported.js:5:49:5:52 | name | library input | lib/isImported.js:6:2:6:26 | cp.exec ... + name) | shell command |
| lib/lib2.js:4:10:4:25 | "rm -rf " + name | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib2.js:3:28:3:31 | name | library input | lib/lib2.js:4:2:4:26 | cp.exec ... + name) | shell command |

37
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected
View File

@@ -265,7 +265,9 @@ nodes
| react-use-router.js:11:24:11:35 | router.query | semmle.label | router.query |
| react-use-router.js:11:24:11:42 | router.query.foobar | semmle.label | router.query.foobar |
| react-use-router.js:23:31:23:36 | [post update] router | semmle.label | [post update] router |
| react-use-router.js:23:31:23:36 | [post update] router [ArrayElement] | semmle.label | [post update] router [ArrayElement] |
| react-use-router.js:23:43:23:48 | router | semmle.label | router |
| react-use-router.js:23:43:23:48 | router [ArrayElement] | semmle.label | router [ArrayElement] |
| react-use-router.js:23:43:23:54 | router.query | semmle.label | router.query |
| react-use-router.js:23:43:23:61 | router.query.foobar | semmle.label | router.query.foobar |
| react-use-router.js:33:21:33:32 | router.query | semmle.label | router.query |
@@ -328,6 +330,11 @@ nodes
| string-manipulations.js:9:36:9:57 | documen ... on.href | semmle.label | documen ... on.href |
| string-manipulations.js:10:16:10:45 | String( ... n.href) | semmle.label | String( ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href | semmle.label | documen ... on.href |
| tainted-url-suffix-arguments.js:3:17:3:17 | y | semmle.label | y |
| tainted-url-suffix-arguments.js:6:22:6:22 | y | semmle.label | y |
| tainted-url-suffix-arguments.js:11:11:11:36 | url | semmle.label | url |
| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | semmle.label | window.location.href |
| tainted-url-suffix-arguments.js:12:17:12:19 | url | semmle.label | url |
| tooltip.jsx:6:11:6:30 | source | semmle.label | source |
| tooltip.jsx:6:20:6:30 | window.name | semmle.label | window.name |
| tooltip.jsx:10:25:10:30 | source | semmle.label | source |
@@ -414,7 +421,6 @@ nodes
| tst.js:64:25:64:48 | documen ... .search | semmle.label | documen ... .search |
| tst.js:65:25:65:48 | documen ... .search | semmle.label | documen ... .search |
| tst.js:68:16:68:20 | bar() | semmle.label | bar() |
| tst.js:70:1:70:27 | [,docum ... search] | semmle.label | [,docum ... search] |
| tst.js:70:1:70:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] |
| tst.js:70:3:70:26 | documen ... .search | semmle.label | documen ... .search |
| tst.js:70:46:70:46 | x | semmle.label | x |
@@ -540,6 +546,7 @@ nodes
| tst.js:421:20:421:27 | match[1] | semmle.label | match[1] |
| tst.js:424:18:424:37 | window.location.hash | semmle.label | window.location.hash |
| tst.js:424:18:424:48 | window. ... it('#') | semmle.label | window. ... it('#') |
| tst.js:424:18:424:48 | window. ... it('#') [ArrayElement] | semmle.label | window. ... it('#') [ArrayElement] |
| tst.js:424:18:424:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] |
| tst.js:428:7:428:39 | target | semmle.label | target |
| tst.js:428:16:428:39 | documen ... .search | semmle.label | documen ... .search |
@@ -590,6 +597,7 @@ nodes
| various-concat-obfuscations.js:5:12:5:18 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:6:4:6:26 | "<div>" ... ainted) | semmle.label | "<div>" ... ainted) |
| various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | semmle.label | "<div>" ... /div>") |
| various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") [ArrayElement] | semmle.label | "<div>" ... /div>") [ArrayElement] |
| various-concat-obfuscations.js:6:19:6:25 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:7:4:7:31 | ["<div> ... /div>"] | semmle.label | ["<div> ... /div>"] |
| various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | semmle.label | ["<div> ... .join() |
@@ -600,6 +608,7 @@ nodes
| various-concat-obfuscations.js:10:16:10:22 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:11:4:11:31 | "<div i ... ainted) | semmle.label | "<div i ... ainted) |
| various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | semmle.label | "<div i ... t("/>") |
| various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") [ArrayElement] | semmle.label | "<div i ... t("/>") [ArrayElement] |
| various-concat-obfuscations.js:11:24:11:30 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:12:4:12:34 | ["<div ... "\\"/>"] | semmle.label | ["<div ... "\\"/>"] |
| various-concat-obfuscations.js:12:4:12:41 | ["<div ... .join() | semmle.label | ["<div ... .join() |
@@ -614,6 +623,7 @@ nodes
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | semmle.label | '<div a ... ntent)) |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | semmle.label | '<div a ... ntent)) [ArrayElement] |
| various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | semmle.label | '<div a ... /div>') |
| various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | semmle.label | '<div a ... /div>') [ArrayElement] |
| various-concat-obfuscations.js:18:32:18:36 | attrs | semmle.label | attrs |
| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | semmle.label | attrs.defaultattr |
| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | semmle.label | attrs.d ... 'left' |
@@ -621,6 +631,7 @@ nodes
| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | semmle.label | documen ... .search |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | semmle.label | documen ... h.attrs |
| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) |
| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) [ArrayElement] | semmle.label | indirec ... .attrs) [ArrayElement] |
| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | semmle.label | documen ... .search |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | semmle.label | documen ... h.attrs |
| winjs.js:2:7:2:53 | tainted | semmle.label | tainted |
@@ -882,9 +893,12 @@ edges
| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | provenance | |
| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | provenance | |
| react-use-router.js:23:31:23:36 | [post update] router | react-use-router.js:23:43:23:48 | router | provenance | |
| react-use-router.js:23:31:23:36 | [post update] router [ArrayElement] | react-use-router.js:23:43:23:48 | router [ArrayElement] | provenance | |
| react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | provenance | |
| react-use-router.js:23:43:23:48 | router [ArrayElement] | react-use-router.js:23:43:23:54 | router.query | provenance | |
| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | provenance | |
| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router | provenance | |
| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router [ArrayElement] | provenance | |
| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | provenance | |
| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | provenance | |
| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | provenance | |
@@ -939,6 +953,10 @@ edges
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | Config |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | Config |
| tainted-url-suffix-arguments.js:3:17:3:17 | y | tainted-url-suffix-arguments.js:6:22:6:22 | y | provenance | |
| tainted-url-suffix-arguments.js:11:11:11:36 | url | tainted-url-suffix-arguments.js:12:17:12:19 | url | provenance | |
| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | tainted-url-suffix-arguments.js:11:11:11:36 | url | provenance | |
| tainted-url-suffix-arguments.js:12:17:12:19 | url | tainted-url-suffix-arguments.js:3:17:3:17 | y | provenance | |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | provenance | |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | provenance | |
| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | provenance | |
@@ -1023,11 +1041,7 @@ edges
| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | provenance | |
| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | |
| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | |
| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | provenance | |
| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | provenance | Config |
| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | provenance | |
| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | provenance | |
| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | provenance | Config |
| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | provenance | |
| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | provenance | |
| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | provenance | |
@@ -1134,8 +1148,11 @@ edges
| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | Config |
| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | |
| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | Config |
| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') [ArrayElement] | provenance | |
| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | |
| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | Config |
| tst.js:424:18:424:48 | window. ... it('#') [ArrayElement] | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | |
| tst.js:424:18:424:48 | window. ... it('#') [ArrayElement] | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | Config |
| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | |
| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | |
| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | |
@@ -1184,12 +1201,16 @@ edges
| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | provenance | Config |
| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | provenance | Config |
| various-concat-obfuscations.js:6:4:6:26 | "<div>" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | provenance | |
| various-concat-obfuscations.js:6:4:6:26 | "<div>" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") [ArrayElement] | provenance | |
| various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") [ArrayElement] | various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | provenance | |
| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "<div>" ... ainted) | provenance | Config |
| various-concat-obfuscations.js:7:4:7:31 | ["<div> ... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | provenance | |
| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["<div> ... /div>"] | provenance | Config |
| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "<div i ... "\\"/>" | provenance | Config |
| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | provenance | Config |
| various-concat-obfuscations.js:11:4:11:31 | "<div i ... ainted) | various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | provenance | |
| various-concat-obfuscations.js:11:4:11:31 | "<div i ... ainted) | various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") [ArrayElement] | provenance | |
| various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") [ArrayElement] | various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | provenance | |
| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "<div i ... ainted) | provenance | Config |
| various-concat-obfuscations.js:12:4:12:34 | ["<div ... "\\"/>"] | various-concat-obfuscations.js:12:4:12:41 | ["<div ... .join() | provenance | |
| various-concat-obfuscations.js:12:19:12:25 | tainted | various-concat-obfuscations.js:12:4:12:34 | ["<div ... "\\"/>"] | provenance | Config |
@@ -1202,7 +1223,9 @@ edges
| various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | provenance | |
| various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | provenance | |
| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | |
| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | Config |
| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | provenance | |
@@ -1211,10 +1234,12 @@ edges
| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | provenance | Config |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | provenance | |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | provenance | Config |
| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) [ArrayElement] | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | provenance | |
| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | provenance | |
| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | provenance | Config |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | provenance | |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | provenance | Config |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) [ArrayElement] | provenance | Config |
| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | provenance | |
| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | provenance | |
| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | provenance | |
@@ -1232,6 +1257,7 @@ subpaths
| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:10:15:83 | '<div a ... </div>' | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) [ArrayElement] |
#select
| addEventListener.js:2:20:2:29 | event.data | addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:29 | event.data | Cross-site scripting vulnerability due to $@. | addEventListener.js:1:43:1:47 | event | user-provided value |
| addEventListener.js:6:20:6:23 | data | addEventListener.js:5:43:5:48 | {data} | addEventListener.js:6:20:6:23 | data | Cross-site scripting vulnerability due to $@. | addEventListener.js:5:43:5:48 | {data} | user-provided value |
@@ -1356,6 +1382,7 @@ subpaths
| string-manipulations.js:8:16:8:48 | documen ... mLeft() | string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | Cross-site scripting vulnerability due to $@. | string-manipulations.js:8:16:8:37 | documen ... on.href | user-provided value |
| string-manipulations.js:9:16:9:58 | String. ... n.href) | string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:9:36:9:57 | documen ... on.href | user-provided value |
| string-manipulations.js:10:16:10:45 | String( ... n.href) | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:10:23:10:44 | documen ... on.href | user-provided value |
| tainted-url-suffix-arguments.js:6:22:6:22 | y | tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | tainted-url-suffix-arguments.js:6:22:6:22 | y | Cross-site scripting vulnerability due to $@. | tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | user-provided value |
| tooltip.jsx:10:25:10:30 | source | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:10:25:10:30 | source | Cross-site scripting vulnerability due to $@. | tooltip.jsx:6:20:6:30 | window.name | user-provided value |
| tooltip.jsx:11:25:11:30 | source | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:11:25:11:30 | source | Cross-site scripting vulnerability due to $@. | tooltip.jsx:6:20:6:30 | window.name | user-provided value |
| tooltip.jsx:18:51:18:59 | provide() | tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:18:51:18:59 | provide() | Cross-site scripting vulnerability due to $@. | tooltip.jsx:22:20:22:30 | window.name | user-provided value |

36
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected
View File

@@ -270,7 +270,9 @@ nodes
| react-use-router.js:11:24:11:35 | router.query | semmle.label | router.query |
| react-use-router.js:11:24:11:42 | router.query.foobar | semmle.label | router.query.foobar |
| react-use-router.js:23:31:23:36 | [post update] router | semmle.label | [post update] router |
| react-use-router.js:23:31:23:36 | [post update] router [ArrayElement] | semmle.label | [post update] router [ArrayElement] |
| react-use-router.js:23:43:23:48 | router | semmle.label | router |
| react-use-router.js:23:43:23:48 | router [ArrayElement] | semmle.label | router [ArrayElement] |
| react-use-router.js:23:43:23:54 | router.query | semmle.label | router.query |
| react-use-router.js:23:43:23:61 | router.query.foobar | semmle.label | router.query.foobar |
| react-use-router.js:33:21:33:32 | router.query | semmle.label | router.query |
@@ -333,6 +335,11 @@ nodes
| string-manipulations.js:9:36:9:57 | documen ... on.href | semmle.label | documen ... on.href |
| string-manipulations.js:10:16:10:45 | String( ... n.href) | semmle.label | String( ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href | semmle.label | documen ... on.href |
| tainted-url-suffix-arguments.js:3:17:3:17 | y | semmle.label | y |
| tainted-url-suffix-arguments.js:6:22:6:22 | y | semmle.label | y |
| tainted-url-suffix-arguments.js:11:11:11:36 | url | semmle.label | url |
| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | semmle.label | window.location.href |
| tainted-url-suffix-arguments.js:12:17:12:19 | url | semmle.label | url |
| tooltip.jsx:6:11:6:30 | source | semmle.label | source |
| tooltip.jsx:6:20:6:30 | window.name | semmle.label | window.name |
| tooltip.jsx:10:25:10:30 | source | semmle.label | source |
@@ -419,7 +426,6 @@ nodes
| tst.js:64:25:64:48 | documen ... .search | semmle.label | documen ... .search |
| tst.js:65:25:65:48 | documen ... .search | semmle.label | documen ... .search |
| tst.js:68:16:68:20 | bar() | semmle.label | bar() |
| tst.js:70:1:70:27 | [,docum ... search] | semmle.label | [,docum ... search] |
| tst.js:70:1:70:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] |
| tst.js:70:3:70:26 | documen ... .search | semmle.label | documen ... .search |
| tst.js:70:46:70:46 | x | semmle.label | x |
@@ -545,6 +551,7 @@ nodes
| tst.js:421:20:421:27 | match[1] | semmle.label | match[1] |
| tst.js:424:18:424:37 | window.location.hash | semmle.label | window.location.hash |
| tst.js:424:18:424:48 | window. ... it('#') | semmle.label | window. ... it('#') |
| tst.js:424:18:424:48 | window. ... it('#') [ArrayElement] | semmle.label | window. ... it('#') [ArrayElement] |
| tst.js:424:18:424:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] |
| tst.js:428:7:428:39 | target | semmle.label | target |
| tst.js:428:16:428:39 | documen ... .search | semmle.label | documen ... .search |
@@ -597,6 +604,7 @@ nodes
| various-concat-obfuscations.js:5:12:5:18 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:6:4:6:26 | "<div>" ... ainted) | semmle.label | "<div>" ... ainted) |
| various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | semmle.label | "<div>" ... /div>") |
| various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") [ArrayElement] | semmle.label | "<div>" ... /div>") [ArrayElement] |
| various-concat-obfuscations.js:6:19:6:25 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:7:4:7:31 | ["<div> ... /div>"] | semmle.label | ["<div> ... /div>"] |
| various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | semmle.label | ["<div> ... .join() |
@@ -607,6 +615,7 @@ nodes
| various-concat-obfuscations.js:10:16:10:22 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:11:4:11:31 | "<div i ... ainted) | semmle.label | "<div i ... ainted) |
| various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | semmle.label | "<div i ... t("/>") |
| various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") [ArrayElement] | semmle.label | "<div i ... t("/>") [ArrayElement] |
| various-concat-obfuscations.js:11:24:11:30 | tainted | semmle.label | tainted |
| various-concat-obfuscations.js:12:4:12:34 | ["<div ... "\\"/>"] | semmle.label | ["<div ... "\\"/>"] |
| various-concat-obfuscations.js:12:4:12:41 | ["<div ... .join() | semmle.label | ["<div ... .join() |
@@ -621,6 +630,7 @@ nodes
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | semmle.label | '<div a ... ntent)) |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | semmle.label | '<div a ... ntent)) [ArrayElement] |
| various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | semmle.label | '<div a ... /div>') |
| various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | semmle.label | '<div a ... /div>') [ArrayElement] |
| various-concat-obfuscations.js:18:32:18:36 | attrs | semmle.label | attrs |
| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | semmle.label | attrs.defaultattr |
| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | semmle.label | attrs.d ... 'left' |
@@ -628,6 +638,7 @@ nodes
| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | semmle.label | documen ... .search |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | semmle.label | documen ... h.attrs |
| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) |
| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) [ArrayElement] | semmle.label | indirec ... .attrs) [ArrayElement] |
| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | semmle.label | documen ... .search |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | semmle.label | documen ... h.attrs |
| winjs.js:2:7:2:53 | tainted | semmle.label | tainted |
@@ -907,9 +918,12 @@ edges
| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | provenance | |
| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | provenance | |
| react-use-router.js:23:31:23:36 | [post update] router | react-use-router.js:23:43:23:48 | router | provenance | |
| react-use-router.js:23:31:23:36 | [post update] router [ArrayElement] | react-use-router.js:23:43:23:48 | router [ArrayElement] | provenance | |
| react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | provenance | |
| react-use-router.js:23:43:23:48 | router [ArrayElement] | react-use-router.js:23:43:23:54 | router.query | provenance | |
| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | provenance | |
| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router | provenance | |
| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router [ArrayElement] | provenance | |
| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | provenance | |
| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | provenance | |
| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | provenance | |
@@ -964,6 +978,10 @@ edges
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | Config |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | Config |
| tainted-url-suffix-arguments.js:3:17:3:17 | y | tainted-url-suffix-arguments.js:6:22:6:22 | y | provenance | |
| tainted-url-suffix-arguments.js:11:11:11:36 | url | tainted-url-suffix-arguments.js:12:17:12:19 | url | provenance | |
| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | tainted-url-suffix-arguments.js:11:11:11:36 | url | provenance | |
| tainted-url-suffix-arguments.js:12:17:12:19 | url | tainted-url-suffix-arguments.js:3:17:3:17 | y | provenance | |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | provenance | |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | provenance | |
| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | provenance | |
@@ -1048,11 +1066,7 @@ edges
| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | provenance | |
| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | |
| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | |
| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | provenance | |
| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | provenance | Config |
| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | provenance | |
| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | provenance | |
| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | provenance | Config |
| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | provenance | |
| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | provenance | |
| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | provenance | |
@@ -1159,8 +1173,11 @@ edges
| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | Config |
| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | |
| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | Config |
| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') [ArrayElement] | provenance | |
| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | |
| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | Config |
| tst.js:424:18:424:48 | window. ... it('#') [ArrayElement] | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | |
| tst.js:424:18:424:48 | window. ... it('#') [ArrayElement] | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | Config |
| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | |
| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | |
| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | |
@@ -1210,12 +1227,16 @@ edges
| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | provenance | Config |
| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `<div>$ ... </div>` | provenance | Config |
| various-concat-obfuscations.js:6:4:6:26 | "<div>" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | provenance | |
| various-concat-obfuscations.js:6:4:6:26 | "<div>" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") [ArrayElement] | provenance | |
| various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") [ArrayElement] | various-concat-obfuscations.js:6:4:6:43 | "<div>" ... /div>") | provenance | |
| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "<div>" ... ainted) | provenance | Config |
| various-concat-obfuscations.js:7:4:7:31 | ["<div> ... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["<div> ... .join() | provenance | |
| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["<div> ... /div>"] | provenance | Config |
| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "<div i ... "\\"/>" | provenance | Config |
| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `<div i ... ed}"/>` | provenance | Config |
| various-concat-obfuscations.js:11:4:11:31 | "<div i ... ainted) | various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | provenance | |
| various-concat-obfuscations.js:11:4:11:31 | "<div i ... ainted) | various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") [ArrayElement] | provenance | |
| various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") [ArrayElement] | various-concat-obfuscations.js:11:4:11:44 | "<div i ... t("/>") | provenance | |
| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "<div i ... ainted) | provenance | Config |
| various-concat-obfuscations.js:12:4:12:34 | ["<div ... "\\"/>"] | various-concat-obfuscations.js:12:4:12:41 | ["<div ... .join() | provenance | |
| various-concat-obfuscations.js:12:19:12:25 | tainted | various-concat-obfuscations.js:12:4:12:34 | ["<div ... "\\"/>"] | provenance | Config |
@@ -1228,7 +1249,9 @@ edges
| various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | provenance | |
| various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | provenance | |
| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | |
| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | Config |
| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | provenance | |
@@ -1237,10 +1260,12 @@ edges
| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | provenance | Config |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | provenance | |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | provenance | Config |
| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) [ArrayElement] | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | provenance | |
| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | provenance | |
| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | provenance | Config |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | provenance | |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | provenance | Config |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) [ArrayElement] | provenance | Config |
| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | provenance | |
| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | provenance | |
| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | provenance | |
@@ -1270,6 +1295,7 @@ subpaths
| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:10:15:83 | '<div a ... </div>' | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) [ArrayElement] |
#select
| jwt.js:6:14:6:20 | decoded | jwt.js:4:36:4:39 | data | jwt.js:6:14:6:20 | decoded | Cross-site scripting vulnerability due to $@. | jwt.js:4:36:4:39 | data | user-provided value |
| typeahead.js:10:16:10:18 | loc | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | Cross-site scripting vulnerability due to $@. | typeahead.js:9:28:9:30 | loc | user-provided value |

13
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tainted-url-suffix-arguments.js Normal file
View File

@@ -0,0 +1,13 @@
import 'dummy';
function foo(x, y, z) {
arguments; // ensure 'arguments' are used
document.writeln(x); // OK
document.writeln(y); // NOT OK
document.writeln(z); // OK
}
function bar() {
const url = window.location.href;
foo('safe', url, 'safe');
}

12
javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected
View File

@@ -16,7 +16,7 @@ nodes
| exception-xss.js:21:11:21:21 | foo + "bar" | semmle.label | foo + "bar" |
| exception-xss.js:22:11:22:11 | e | semmle.label | e |
| exception-xss.js:23:18:23:18 | e | semmle.label | e |
| exception-xss.js:33:11:33:22 | ["bar", foo] | semmle.label | ["bar", foo] |
| exception-xss.js:33:11:33:22 | ["bar", foo] [1] | semmle.label | ["bar", foo] [1] |
| exception-xss.js:33:19:33:21 | foo | semmle.label | foo |
| exception-xss.js:34:11:34:11 | e | semmle.label | e |
| exception-xss.js:35:18:35:18 | e | semmle.label | e |
@@ -42,7 +42,7 @@ nodes
| exception-xss.js:89:11:89:26 | foo.match(/foo/) | semmle.label | foo.match(/foo/) |
| exception-xss.js:90:11:90:11 | e | semmle.label | e |
| exception-xss.js:91:18:91:18 | e | semmle.label | e |
| exception-xss.js:95:11:95:22 | [foo, "bar"] | semmle.label | [foo, "bar"] |
| exception-xss.js:95:11:95:22 | [foo, "bar"] [0] | semmle.label | [foo, "bar"] [0] |
| exception-xss.js:95:12:95:14 | foo | semmle.label | foo |
| exception-xss.js:96:11:96:11 | e | semmle.label | e |
| exception-xss.js:97:18:97:18 | e | semmle.label | e |
@@ -100,8 +100,8 @@ edges
| exception-xss.js:21:11:21:13 | foo | exception-xss.js:21:11:21:21 | foo + "bar" | provenance | |
| exception-xss.js:21:11:21:21 | foo + "bar" | exception-xss.js:22:11:22:11 | e | provenance | Config |
| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e | provenance | |
| exception-xss.js:33:11:33:22 | ["bar", foo] | exception-xss.js:34:11:34:11 | e | provenance | Config |
| exception-xss.js:33:19:33:21 | foo | exception-xss.js:33:11:33:22 | ["bar", foo] | provenance | |
| exception-xss.js:33:11:33:22 | ["bar", foo] [1] | exception-xss.js:34:11:34:11 | e | provenance | Config |
| exception-xss.js:33:19:33:21 | foo | exception-xss.js:33:11:33:22 | ["bar", foo] [1] | provenance | |
| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e | provenance | |
| exception-xss.js:38:16:38:16 | x | exception-xss.js:39:9:39:9 | x | provenance | |
| exception-xss.js:39:9:39:9 | x | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | provenance | Config |
@@ -124,8 +124,8 @@ edges
| exception-xss.js:89:11:89:13 | foo | exception-xss.js:89:11:89:26 | foo.match(/foo/) | provenance | |
| exception-xss.js:89:11:89:26 | foo.match(/foo/) | exception-xss.js:90:11:90:11 | e | provenance | Config |
| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e | provenance | |
| exception-xss.js:95:11:95:22 | [foo, "bar"] | exception-xss.js:96:11:96:11 | e | provenance | Config |
| exception-xss.js:95:12:95:14 | foo | exception-xss.js:95:11:95:22 | [foo, "bar"] | provenance | |
| exception-xss.js:95:11:95:22 | [foo, "bar"] [0] | exception-xss.js:96:11:96:11 | e | provenance | Config |
| exception-xss.js:95:12:95:14 | foo | exception-xss.js:95:11:95:22 | [foo, "bar"] [0] | provenance | |
| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e | provenance | |
| exception-xss.js:102:12:102:14 | foo | exception-xss.js:106:11:106:11 | e | provenance | Config |
| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e | provenance | |

36
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected
View File

@@ -2,9 +2,6 @@ edges
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | provenance | |
| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | provenance | |
| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | provenance | |
| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable | provenance | |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | ReflectedXss.js:30:7:33:4 | mytable | provenance | |
| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | provenance | |
| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | provenance | |
| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | provenance | |
| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | provenance | |
@@ -26,12 +23,18 @@ edges
| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:11:116:45 | keys | provenance | |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:11:116:45 | keys | provenance | |
| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray | provenance | |
| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:11:118:61 | keyArray | provenance | |
| ReflectedXss.js:118:11:118:61 | keyArray [0] | ReflectedXss.js:119:25:119:32 | keyArray [0] | provenance | |
| ReflectedXss.js:118:49:118:54 | [keys] [0] | ReflectedXss.js:118:11:118:61 | keyArray [0] | provenance | |
| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:49:118:54 | [keys] [0] | provenance | |
| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:11:118:61 | keyArray | provenance | |
| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys | provenance | |
| ReflectedXss.js:119:11:119:72 | invalidKeys [0] | ReflectedXss.js:122:33:122:43 | invalidKeys [0] | provenance | |
| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | provenance | |
| ReflectedXss.js:119:25:119:32 | keyArray [0] | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) [0] | provenance | |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys | provenance | |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) [0] | ReflectedXss.js:119:11:119:72 | invalidKeys [0] | provenance | |
| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | provenance | |
| ReflectedXss.js:122:33:122:43 | invalidKeys [0] | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | provenance | |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | provenance | |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | provenance | |
| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | provenance | |
@@ -40,14 +43,22 @@ edges
| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:77:16:77:20 | value | provenance | |
| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:105:18:105:22 | value | provenance | |
| ReflectedXssGood3.js:77:7:77:37 | parts | ReflectedXssGood3.js:108:10:108:14 | parts | provenance | |
| ReflectedXssGood3.js:77:7:77:37 | parts [0] | ReflectedXssGood3.js:108:10:108:14 | parts [0] | provenance | |
| ReflectedXssGood3.js:77:7:77:37 | parts [ArrayElement] | ReflectedXssGood3.js:108:10:108:14 | parts [ArrayElement] | provenance | |
| ReflectedXssGood3.js:77:15:77:37 | [value. ... (0, i)] [0] | ReflectedXssGood3.js:77:7:77:37 | parts [0] | provenance | |
| ReflectedXssGood3.js:77:16:77:20 | value | ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | provenance | |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:77:7:77:37 | parts | provenance | |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:77:15:77:37 | [value. ... (0, i)] [0] | provenance | |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:77:7:77:37 | parts | provenance | |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts [ArrayElement] | ReflectedXssGood3.js:77:7:77:37 | parts [ArrayElement] | provenance | |
| ReflectedXssGood3.js:105:18:105:22 | value | ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | provenance | |
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts | provenance | |
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts [ArrayElement] | provenance | |
| ReflectedXssGood3.js:108:10:108:14 | parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
| ReflectedXssGood3.js:108:10:108:14 | parts [0] | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
| ReflectedXssGood3.js:108:10:108:14 | parts [ArrayElement] | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | |
| ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url | provenance | |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | provenance | |
| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | provenance | |
@@ -149,10 +160,6 @@ nodes
| ReflectedXss.js:23:12:23:27 | marked(req.body) | semmle.label | marked(req.body) |
| ReflectedXss.js:23:19:23:26 | req.body | semmle.label | req.body |
| ReflectedXss.js:29:12:29:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:30:7:33:4 | mytable | semmle.label | mytable |
| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | semmle.label | table([ ... y]\\n ]) |
| ReflectedXss.js:32:14:32:21 | req.body | semmle.label | req.body |
| ReflectedXss.js:34:12:34:18 | mytable | semmle.label | mytable |
| ReflectedXss.js:41:12:41:19 | req.body | semmle.label | req.body |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | semmle.label | convert ... q.body) |
| ReflectedXss.js:42:31:42:38 | req.body | semmle.label | req.body |
@@ -188,13 +195,19 @@ nodes
| ReflectedXss.js:116:18:116:26 | queryKeys | semmle.label | queryKeys |
| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | semmle.label | paramKeys?.keys |
| ReflectedXss.js:118:11:118:61 | keyArray | semmle.label | keyArray |
| ReflectedXss.js:118:11:118:61 | keyArray [0] | semmle.label | keyArray [0] |
| ReflectedXss.js:118:49:118:54 | [keys] [0] | semmle.label | [keys] [0] |
| ReflectedXss.js:118:50:118:53 | keys | semmle.label | keys |
| ReflectedXss.js:118:58:118:61 | keys | semmle.label | keys |
| ReflectedXss.js:119:11:119:72 | invalidKeys | semmle.label | invalidKeys |
| ReflectedXss.js:119:11:119:72 | invalidKeys [0] | semmle.label | invalidKeys [0] |
| ReflectedXss.js:119:25:119:32 | keyArray | semmle.label | keyArray |
| ReflectedXss.js:119:25:119:32 | keyArray [0] | semmle.label | keyArray [0] |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | semmle.label | keyArra ... s(key)) |
| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) [0] | semmle.label | keyArra ... s(key)) [0] |
| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | semmle.label | `${inva ... telist` |
| ReflectedXss.js:122:33:122:43 | invalidKeys | semmle.label | invalidKeys |
| ReflectedXss.js:122:33:122:43 | invalidKeys [0] | semmle.label | invalidKeys [0] |
| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | semmle.label | invalid ... n(', ') |
| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id |
| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | semmle.label | req.params.id |
@@ -206,12 +219,18 @@ nodes
| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | semmle.label | req.params.id |
| ReflectedXssGood3.js:68:22:68:26 | value | semmle.label | value |
| ReflectedXssGood3.js:77:7:77:37 | parts | semmle.label | parts |
| ReflectedXssGood3.js:77:7:77:37 | parts [0] | semmle.label | parts [0] |
| ReflectedXssGood3.js:77:7:77:37 | parts [ArrayElement] | semmle.label | parts [ArrayElement] |
| ReflectedXssGood3.js:77:15:77:37 | [value. ... (0, i)] [0] | semmle.label | [value. ... (0, i)] [0] |
| ReflectedXssGood3.js:77:16:77:20 | value | semmle.label | value |
| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | semmle.label | value.s ... g(0, i) |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | semmle.label | [post update] parts |
| ReflectedXssGood3.js:105:7:105:11 | [post update] parts [ArrayElement] | semmle.label | [post update] parts [ArrayElement] |
| ReflectedXssGood3.js:105:18:105:22 | value | semmle.label | value |
| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | semmle.label | value.s ... g(j, i) |
| ReflectedXssGood3.js:108:10:108:14 | parts | semmle.label | parts |
| ReflectedXssGood3.js:108:10:108:14 | parts [0] | semmle.label | parts [0] |
| ReflectedXssGood3.js:108:10:108:14 | parts [ArrayElement] | semmle.label | parts [ArrayElement] |
| ReflectedXssGood3.js:108:10:108:23 | parts.join('') | semmle.label | parts.join('') |
| ReflectedXssGood3.js:135:9:135:27 | url | semmle.label | url |
| ReflectedXssGood3.js:135:15:135:27 | req.params.id | semmle.label | req.params.id |
@@ -335,7 +354,6 @@ subpaths
| ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:22:12:22:19 | req.body | user-provided value |
| ReflectedXss.js:23:12:23:27 | marked(req.body) | ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:23:19:23:26 | req.body | user-provided value |
| ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:29:12:29:19 | req.body | user-provided value |
| ReflectedXss.js:34:12:34:18 | mytable | ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:34:12:34:18 | mytable | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:32:14:32:21 | req.body | user-provided value |
| ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:41:12:41:19 | req.body | user-provided value |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:42:31:42:38 | req.body | user-provided value |
| ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:56:12:56:19 | req.body | user-provided value |

2
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.js
View File

@@ -31,7 +31,7 @@ app.get('/user/:id', function(req, res) {
['Name', 'Content'],
['body', req.body]
]);
res.send(mytable); // NOT OK
res.send(mytable); // NOT OK - FIXME: only works in OLD dataflow, add implicit reads before library-contributed taint steps
});
var showdown = require('showdown');

1
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected
View File

@@ -3,7 +3,6 @@
| ReflectedXss.js:22:12:22:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:22:12:22:19 | req.body | user-provided value |
| ReflectedXss.js:23:12:23:27 | marked(req.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:23:19:23:26 | req.body | user-provided value |
| ReflectedXss.js:29:12:29:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:29:12:29:19 | req.body | user-provided value |
| ReflectedXss.js:34:12:34:18 | mytable | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:32:14:32:21 | req.body | user-provided value |
| ReflectedXss.js:41:12:41:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:41:12:41:19 | req.body | user-provided value |
| ReflectedXss.js:42:12:42:39 | convert ... q.body) | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:42:31:42:38 | req.body | user-provided value |
| ReflectedXss.js:56:12:56:19 | req.body | Cross-site scripting vulnerability due to $@. | ReflectedXss.js:56:12:56:19 | req.body | user-provided value |

15
javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected
View File

@@ -10,15 +10,22 @@ edges
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | provenance | |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | provenance | |
| xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:34:20:37 | file | provenance | |
| xss-through-filenames.js:20:25:20:47 | '<li>' ... '</li>' | xss-through-filenames.js:20:13:20:18 | [post update] files3 | provenance | |
| xss-through-filenames.js:20:25:20:47 | '<li>' ... '</li>' | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | provenance | |
| xss-through-filenames.js:20:34:20:37 | file | xss-through-filenames.js:20:25:20:47 | '<li>' ... '</li>' | provenance | |
| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | |
| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | |
| xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | |
| xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | provenance | |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 | provenance | |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | provenance | |
@@ -29,6 +36,7 @@ edges
| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | provenance | |
| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | provenance | |
| xss-through-filenames.js:33:19:33:24 | files2 | xss-through-filenames.js:35:29:35:34 | files2 | provenance | |
| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | xss-through-filenames.js:33:19:33:24 | files2 | provenance | |
| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | provenance | |
| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 | provenance | |
| xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 | provenance | |
@@ -51,10 +59,13 @@ nodes
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | semmle.label | files2.sort(sort) [ArrayElement] |
| xss-through-filenames.js:19:45:19:48 | file | semmle.label | file |
| xss-through-filenames.js:20:13:20:18 | [post update] files3 | semmle.label | [post update] files3 |
| xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | semmle.label | [post update] files3 [ArrayElement] |
| xss-through-filenames.js:20:25:20:47 | '<li>' ... '</li>' | semmle.label | '<li>' ... '</li>' |
| xss-through-filenames.js:20:34:20:37 | file | semmle.label | file |
| xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 |
| xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 |
| xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | semmle.label | files3 [ArrayElement] |
| xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] | semmle.label | files3 [ArrayElement] |
| xss-through-filenames.js:22:16:22:30 | files3.join('') | semmle.label | files3.join('') |
| xss-through-filenames.js:22:16:22:30 | files3.join('') | semmle.label | files3.join('') |
| xss-through-filenames.js:25:43:25:48 | files1 | semmle.label | files1 |
@@ -78,8 +89,12 @@ nodes
subpaths
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] |
| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 [ArrayElement] |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] |

19
javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected
View File

@@ -53,11 +53,14 @@ nodes
| koarouter.js:5:11:5:33 | version | semmle.label | version |
| koarouter.js:5:13:5:19 | version | semmle.label | version |
| koarouter.js:11:11:11:28 | conditions | semmle.label | conditions |
| koarouter.js:11:11:11:28 | conditions [ArrayElement] | semmle.label | conditions [ArrayElement] |
| koarouter.js:14:9:14:18 | [post update] conditions | semmle.label | [post update] conditions |
| koarouter.js:14:9:14:18 | [post update] conditions [ArrayElement] | semmle.label | [post update] conditions [ArrayElement] |
| koarouter.js:14:25:14:46 | `versio ... rsion}` | semmle.label | `versio ... rsion}` |
| koarouter.js:14:38:14:44 | version | semmle.label | version |
| koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | semmle.label | `SELECT ... nd ')}` |
| koarouter.js:17:52:17:61 | conditions | semmle.label | conditions |
| koarouter.js:17:52:17:61 | conditions [ArrayElement] | semmle.label | conditions [ArrayElement] |
| koarouter.js:17:52:17:75 | conditi ... and ') | semmle.label | conditi ... and ') |
| ldap.js:20:7:20:34 | q | semmle.label | q |
| ldap.js:20:11:20:34 | url.par ... , true) | semmle.label | url.par ... , true) |
@@ -240,6 +243,9 @@ nodes
| pg-promise.js:30:13:30:25 | req.params.id | semmle.label | req.params.id |
| pg-promise.js:34:13:34:25 | req.params.id | semmle.label | req.params.id |
| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | semmle.label | [\\n ... n\\n ] |
| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] [0] | semmle.label | [\\n ... n\\n ] [0] |
| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] [1] | semmle.label | [\\n ... n\\n ] [1] |
| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] [2] | semmle.label | [\\n ... n\\n ] [2] |
| pg-promise.js:39:7:39:19 | req.params.id | semmle.label | req.params.id |
| pg-promise.js:40:7:40:21 | req.params.name | semmle.label | req.params.name |
| pg-promise.js:41:7:41:20 | req.params.foo | semmle.label | req.params.foo |
@@ -325,10 +331,14 @@ edges
| koarouter.js:5:11:5:33 | version | koarouter.js:14:38:14:44 | version | provenance | |
| koarouter.js:5:13:5:19 | version | koarouter.js:5:11:5:33 | version | provenance | |
| koarouter.js:11:11:11:28 | conditions | koarouter.js:17:52:17:61 | conditions | provenance | |
| koarouter.js:11:11:11:28 | conditions [ArrayElement] | koarouter.js:17:52:17:61 | conditions [ArrayElement] | provenance | |
| koarouter.js:14:9:14:18 | [post update] conditions | koarouter.js:11:11:11:28 | conditions | provenance | |
| koarouter.js:14:9:14:18 | [post update] conditions [ArrayElement] | koarouter.js:11:11:11:28 | conditions [ArrayElement] | provenance | |
| koarouter.js:14:25:14:46 | `versio ... rsion}` | koarouter.js:14:9:14:18 | [post update] conditions | provenance | |
| koarouter.js:14:25:14:46 | `versio ... rsion}` | koarouter.js:14:9:14:18 | [post update] conditions [ArrayElement] | provenance | |
| koarouter.js:14:38:14:44 | version | koarouter.js:14:25:14:46 | `versio ... rsion}` | provenance | |
| koarouter.js:17:52:17:61 | conditions | koarouter.js:17:52:17:75 | conditi ... and ') | provenance | |
| koarouter.js:17:52:17:61 | conditions [ArrayElement] | koarouter.js:17:52:17:75 | conditi ... and ') | provenance | |
| koarouter.js:17:52:17:75 | conditi ... and ') | koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | provenance | |
| ldap.js:20:7:20:34 | q | ldap.js:22:18:22:18 | q | provenance | |
| ldap.js:20:11:20:34 | url.par ... , true) | ldap.js:20:7:20:34 | q | provenance | |
@@ -602,9 +612,12 @@ edges
| pg-promise.js:22:11:22:15 | query | pg-promise.js:60:20:60:24 | query | provenance | |
| pg-promise.js:22:11:22:15 | query | pg-promise.js:63:23:63:27 | query | provenance | |
| pg-promise.js:22:11:22:15 | query | pg-promise.js:64:16:64:20 | query | provenance | |
| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | |
| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | |
| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | |
| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] [0] | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | |
| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] [1] | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | |
| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] [2] | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | |
| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] [0] | provenance | |
| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] [1] | provenance | |
| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] [2] | provenance | |
| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | provenance | Config |
| redis.js:12:9:12:26 | key | redis.js:13:16:13:18 | key | provenance | |
| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key | provenance | |

7
javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected
View File

@@ -2,20 +2,27 @@ edges
| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | bad-code-sanitization.js:7:31:7:43 | safeProp(key) | provenance | |
| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | provenance | |
| bad-code-sanitization.js:6:11:6:25 | statements | bad-code-sanitization.js:8:27:8:36 | statements | provenance | |
| bad-code-sanitization.js:6:11:6:25 | statements [ArrayElement] | bad-code-sanitization.js:8:27:8:36 | statements [ArrayElement] | provenance | |
| bad-code-sanitization.js:7:5:7:14 | [post update] statements | bad-code-sanitization.js:6:11:6:25 | statements | provenance | |
| bad-code-sanitization.js:7:5:7:14 | [post update] statements [ArrayElement] | bad-code-sanitization.js:6:11:6:25 | statements [ArrayElement] | provenance | |
| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:7:5:7:14 | [post update] statements | provenance | |
| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:7:5:7:14 | [post update] statements [ArrayElement] | provenance | |
| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | provenance | |
| bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | provenance | |
| bad-code-sanitization.js:8:27:8:36 | statements [ArrayElement] | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | provenance | |
| bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment | provenance | |
| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:11:63:55 | assignment | provenance | |
nodes
| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | semmle.label | /^[_$a- ... key)}]` |
| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | semmle.label | JSON.stringify(key) |
| bad-code-sanitization.js:6:11:6:25 | statements | semmle.label | statements |
| bad-code-sanitization.js:6:11:6:25 | statements [ArrayElement] | semmle.label | statements [ArrayElement] |
| bad-code-sanitization.js:7:5:7:14 | [post update] statements | semmle.label | [post update] statements |
| bad-code-sanitization.js:7:5:7:14 | [post update] statements [ArrayElement] | semmle.label | [post update] statements [ArrayElement] |
| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | semmle.label | `${name ... key])}` |
| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | semmle.label | safeProp(key) |
| bad-code-sanitization.js:8:27:8:36 | statements | semmle.label | statements |
| bad-code-sanitization.js:8:27:8:36 | statements [ArrayElement] | semmle.label | statements [ArrayElement] |
| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | semmle.label | statements.join(';') |
| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | semmle.label | htmlescape(pathname) |
| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | semmle.label | JSON.st ... (input) |

21
javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
View File

@@ -48,17 +48,32 @@ edges
| passwords.js:135:17:135:22 | config [y] | passwords.js:135:17:135:22 | config | provenance | |
| passwords.js:136:17:136:22 | config [x] | passwords.js:136:17:136:24 | config.x | provenance | |
| passwords.js:137:17:137:22 | config [y] | passwords.js:137:17:137:24 | config.y | provenance | |
| passwords.js:142:26:142:34 | [apply call taint node] | passwords.js:142:26:142:34 | arguments [ArrayElement] | provenance | |
| passwords.js:142:26:142:34 | [apply call taint node] | passwords.js:142:26:142:34 | arguments [ArrayElement] | provenance | |
| passwords.js:142:26:142:34 | arguments | passwords.js:142:26:142:34 | [apply call taint node] | provenance | |
| passwords.js:142:26:142:34 | arguments [0] | passwords.js:142:26:142:34 | [apply call taint node] | provenance | |
| passwords.js:142:26:142:34 | arguments [0] | passwords.js:142:26:142:34 | arguments | provenance | |
| passwords.js:142:26:142:34 | arguments [ArrayElement] | passwords.js:142:26:142:34 | [apply call taint node] | provenance | |
| passwords.js:142:26:142:34 | arguments [ArrayElement] | passwords.js:142:26:142:34 | [apply call taint node] | provenance | |
| passwords.js:142:26:142:34 | arguments [ArrayElement] | passwords.js:142:26:142:34 | arguments | provenance | |
| passwords.js:142:26:142:34 | arguments [ArrayElement] | passwords.js:142:26:142:34 | arguments | provenance | |
| passwords.js:146:9:148:5 | config [x] | passwords.js:149:21:149:26 | config [x] | provenance | |
| passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | passwords.js:146:9:148:5 | config [x] | provenance | |
| passwords.js:147:12:147:19 | password | passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | provenance | |
| passwords.js:149:21:149:26 | config [x] | passwords.js:149:21:149:28 | config.x | provenance | |
| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | provenance | Config |
| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | provenance | Config |
| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments [0] | provenance | |
| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | provenance | Config |
| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | provenance | Config |
| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments [0] | provenance | |
| passwords.js:152:9:152:63 | procdesc | passwords.js:154:21:154:28 | procdesc | provenance | |
| passwords.js:152:20:152:44 | Util.in ... ss.env) | passwords.js:152:20:152:63 | Util.in ... /g, '') | provenance | |
| passwords.js:152:20:152:63 | Util.in ... /g, '') | passwords.js:152:9:152:63 | procdesc | provenance | |
| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) | provenance | |
| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | provenance | Config |
| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | provenance | Config |
| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments [0] | provenance | |
| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | provenance | |
| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | provenance | |
| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | provenance | |
@@ -137,7 +152,13 @@ nodes
| passwords.js:136:17:136:24 | config.x | semmle.label | config.x |
| passwords.js:137:17:137:22 | config [y] | semmle.label | config [y] |
| passwords.js:137:17:137:24 | config.y | semmle.label | config.y |
| passwords.js:142:26:142:34 | [apply call taint node] | semmle.label | [apply call taint node] |
| passwords.js:142:26:142:34 | [apply call taint node] | semmle.label | [apply call taint node] |
| passwords.js:142:26:142:34 | arguments | semmle.label | arguments |
| passwords.js:142:26:142:34 | arguments | semmle.label | arguments |
| passwords.js:142:26:142:34 | arguments [0] | semmle.label | arguments [0] |
| passwords.js:142:26:142:34 | arguments [ArrayElement] | semmle.label | arguments [ArrayElement] |
| passwords.js:142:26:142:34 | arguments [ArrayElement] | semmle.label | arguments [ArrayElement] |
| passwords.js:146:9:148:5 | config [x] | semmle.label | config [x] |
| passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | semmle.label | {\\n ... d\\n } [x] |
| passwords.js:147:12:147:19 | password | semmle.label | password |

8
javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected
View File

@@ -3,8 +3,9 @@ edges
| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | provenance | |
| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | provenance | |
| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | provenance | |
| lib/lib.js:32:32:32:40 | arguments | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | provenance | |
| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | lib/lib.js:35:28:35:31 | name | provenance | |
| lib/lib.js:32:32:32:40 | [apply call taint node] | lib/lib.js:32:32:32:40 | arguments [ArrayElement] | provenance | |
| lib/lib.js:32:32:32:40 | arguments | lib/lib.js:32:32:32:40 | [apply call taint node] | provenance | |
| lib/lib.js:32:32:32:40 | arguments [ArrayElement] | lib/lib.js:35:28:35:31 | name | provenance | |
| lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name | provenance | |
| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | provenance | |
| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name | provenance | |
@@ -359,8 +360,9 @@ nodes
| lib/lib.js:4:14:4:17 | name | semmle.label | name |
| lib/lib.js:7:19:7:22 | name | semmle.label | name |
| lib/lib.js:8:13:8:16 | name | semmle.label | name |
| lib/lib.js:32:32:32:40 | [apply call taint node] | semmle.label | [apply call taint node] |
| lib/lib.js:32:32:32:40 | arguments | semmle.label | arguments |
| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | semmle.label | 'arguments' object of function usedWithArguments |
| lib/lib.js:32:32:32:40 | arguments [ArrayElement] | semmle.label | arguments [ArrayElement] |
| lib/lib.js:35:28:35:31 | name | semmle.label | name |
| lib/lib.js:36:13:36:16 | name | semmle.label | name |
| lib/lib.js:41:32:41:35 | name | semmle.label | name |

13
javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected
View File

@@ -10,6 +10,10 @@ edges
| express.js:83:7:83:34 | target | express.js:90:18:90:23 | target | provenance | |
| express.js:83:7:83:34 | target | express.js:97:16:97:21 | target | provenance | |
| express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target | provenance | |
| express.js:118:16:118:63 | [req.qu ... ection] | express.js:118:16:118:72 | [req.qu ... oin('') | provenance | |
| express.js:118:16:118:63 | [req.qu ... ection] [0] | express.js:118:16:118:72 | [req.qu ... oin('') | provenance | |
| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] | provenance | |
| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] [0] | provenance | |
| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:72 | [req.qu ... oin('') | provenance | |
| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | provenance | |
| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | provenance | |
@@ -18,9 +22,13 @@ edges
| express.js:150:7:150:34 | target | express.js:160:18:160:23 | target | provenance | |
| express.js:150:16:150:34 | req.param("target") | express.js:150:7:150:34 | target | provenance | |
| express.js:164:7:164:54 | myThing | express.js:165:16:165:22 | myThing | provenance | |
| express.js:164:7:164:54 | myThing [ArrayElement] | express.js:165:16:165:22 | myThing [ArrayElement] | provenance | |
| express.js:164:17:164:41 | JSON.st ... .query) | express.js:164:17:164:54 | JSON.st ... (1, -1) | provenance | |
| express.js:164:17:164:41 | JSON.st ... .query) | express.js:164:17:164:54 | JSON.st ... (1, -1) [ArrayElement] | provenance | |
| express.js:164:17:164:54 | JSON.st ... (1, -1) | express.js:164:7:164:54 | myThing | provenance | |
| express.js:164:17:164:54 | JSON.st ... (1, -1) [ArrayElement] | express.js:164:7:164:54 | myThing [ArrayElement] | provenance | |
| express.js:164:32:164:40 | req.query | express.js:164:17:164:41 | JSON.st ... .query) | provenance | |
| express.js:165:16:165:22 | myThing [ArrayElement] | express.js:165:16:165:22 | myThing | provenance | |
| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url | provenance | |
| koa.js:6:6:6:27 | url | koa.js:8:18:8:20 | url | provenance | |
| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url | provenance | |
@@ -62,6 +70,8 @@ nodes
| express.js:83:16:83:34 | req.param("target") | semmle.label | req.param("target") |
| express.js:90:18:90:23 | target | semmle.label | target |
| express.js:97:16:97:21 | target | semmle.label | target |
| express.js:118:16:118:63 | [req.qu ... ection] | semmle.label | [req.qu ... ection] |
| express.js:118:16:118:63 | [req.qu ... ection] [0] | semmle.label | [req.qu ... ection] [0] |
| express.js:118:16:118:72 | [req.qu ... oin('') | semmle.label | [req.qu ... oin('') |
| express.js:118:17:118:30 | req.query.page | semmle.label | req.query.page |
| express.js:134:16:134:36 | '/' + r ... ms.user | semmle.label | '/' + r ... ms.user |
@@ -77,10 +87,13 @@ nodes
| express.js:155:18:155:23 | target | semmle.label | target |
| express.js:160:18:160:23 | target | semmle.label | target |
| express.js:164:7:164:54 | myThing | semmle.label | myThing |
| express.js:164:7:164:54 | myThing [ArrayElement] | semmle.label | myThing [ArrayElement] |
| express.js:164:17:164:41 | JSON.st ... .query) | semmle.label | JSON.st ... .query) |
| express.js:164:17:164:54 | JSON.st ... (1, -1) | semmle.label | JSON.st ... (1, -1) |
| express.js:164:17:164:54 | JSON.st ... (1, -1) [ArrayElement] | semmle.label | JSON.st ... (1, -1) [ArrayElement] |
| express.js:164:32:164:40 | req.query | semmle.label | req.query |
| express.js:165:16:165:22 | myThing | semmle.label | myThing |
| express.js:165:16:165:22 | myThing [ArrayElement] | semmle.label | myThing [ArrayElement] |
| koa.js:6:6:6:27 | url | semmle.label | url |
| koa.js:6:12:6:27 | ctx.query.target | semmle.label | ctx.query.target |
| koa.js:7:15:7:17 | url | semmle.label | url |

5
javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected
View File

@@ -29,8 +29,11 @@ edges
| RegExpInjection.js:33:12:33:14 | key | RegExpInjection.js:29:21:29:21 | s | provenance | |
| RegExpInjection.js:34:12:34:19 | getKey() | RegExpInjection.js:29:21:29:21 | s | provenance | |
| RegExpInjection.js:54:14:54:16 | key | RegExpInjection.js:54:14:54:27 | key.split(".") | provenance | |
| RegExpInjection.js:54:14:54:16 | key | RegExpInjection.js:54:14:54:27 | key.split(".") [ArrayElement] | provenance | |
| RegExpInjection.js:54:14:54:27 | key.split(".") | RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | provenance | |
| RegExpInjection.js:54:14:54:27 | key.split(".") [ArrayElement] | RegExpInjection.js:54:14:54:42 | key.spl ... x => x) [ArrayElement] | provenance | |
| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | provenance | |
| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) [ArrayElement] | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | provenance | |
| RegExpInjection.js:60:31:60:56 | input | RegExpInjection.js:64:14:64:18 | input | provenance | |
| RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:60:31:60:56 | input | provenance | |
| RegExpInjection.js:82:7:82:32 | input | RegExpInjection.js:87:25:87:29 | input | provenance | |
@@ -74,7 +77,9 @@ nodes
| RegExpInjection.js:47:26:47:30 | input | semmle.label | input |
| RegExpInjection.js:54:14:54:16 | key | semmle.label | key |
| RegExpInjection.js:54:14:54:27 | key.split(".") | semmle.label | key.split(".") |
| RegExpInjection.js:54:14:54:27 | key.split(".") [ArrayElement] | semmle.label | key.split(".") [ArrayElement] |
| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | semmle.label | key.spl ... x => x) |
| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) [ArrayElement] | semmle.label | key.spl ... x => x) [ArrayElement] |
| RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | semmle.label | key.spl ... in("-") |
| RegExpInjection.js:60:31:60:56 | input | semmle.label | input |
| RegExpInjection.js:60:39:60:56 | req.param("input") | semmle.label | req.param("input") |

47
javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected
View File

@@ -97,8 +97,12 @@ nodes
| tests.js:18:24:18:31 | src[key] | semmle.label | src[key] |
| tests.js:18:28:18:30 | key | semmle.label | key |
| tests.js:23:19:23:21 | dst | semmle.label | dst |
| tests.js:23:27:23:33 | sources [0] | semmle.label | sources [0] |
| tests.js:24:14:24:19 | source | semmle.label | source |
| tests.js:24:24:24:30 | sources [0] | semmle.label | sources [0] |
| tests.js:25:18:25:20 | key | semmle.label | key |
| tests.js:26:25:26:27 | dst | semmle.label | dst |
| tests.js:26:30:26:35 | source | semmle.label | source |
| tests.js:26:30:26:40 | source[key] | semmle.label | source[key] |
| tests.js:26:37:26:39 | key | semmle.label | key |
| tests.js:26:43:26:45 | key | semmle.label | key |
@@ -110,6 +114,7 @@ nodes
| tests.js:32:20:32:27 | dst[key] | semmle.label | dst[key] |
| tests.js:32:24:32:26 | key | semmle.label | key |
| tests.js:34:18:34:25 | dstValue | semmle.label | dstValue |
| tests.js:34:28:34:32 | value | semmle.label | value |
| tests.js:36:9:36:11 | dst | semmle.label | dst |
| tests.js:36:13:36:15 | key | semmle.label | key |
| tests.js:36:20:36:24 | value | semmle.label | value |
@@ -567,8 +572,24 @@ nodes
| tests.js:516:36:516:38 | key | semmle.label | key |
| tests.js:517:35:517:37 | dst | semmle.label | dst |
| tests.js:517:40:517:42 | key | semmle.label | key |
| tests.js:522:35:522:38 | args [0] | semmle.label | args [0] |
| tests.js:522:35:522:38 | args [1] | semmle.label | args [1] |
| tests.js:523:11:523:23 | dst | semmle.label | dst |
| tests.js:523:17:523:20 | args [0] | semmle.label | args [0] |
| tests.js:523:17:523:23 | args[0] | semmle.label | args[0] |
| tests.js:524:11:524:23 | src | semmle.label | src |
| tests.js:524:17:524:20 | args [1] | semmle.label | args [1] |
| tests.js:524:17:524:23 | args[1] | semmle.label | args[1] |
| tests.js:525:14:525:16 | key | semmle.label | key |
| tests.js:527:35:527:37 | dst | semmle.label | dst |
| tests.js:527:35:527:42 | dst[key] | semmle.label | dst[key] |
| tests.js:527:39:527:41 | key | semmle.label | key |
| tests.js:527:45:527:47 | src | semmle.label | src |
| tests.js:527:45:527:52 | src[key] | semmle.label | src[key] |
| tests.js:527:49:527:51 | key | semmle.label | key |
| tests.js:529:13:529:15 | dst | semmle.label | dst |
| tests.js:529:17:529:19 | key | semmle.label | key |
| tests.js:529:24:529:26 | src | semmle.label | src |
| tests.js:529:24:529:31 | src[key] | semmle.label | src[key] |
| tests.js:529:28:529:30 | key | semmle.label | key |
| tests.js:534:31:534:33 | obj | semmle.label | obj |
@@ -735,14 +756,19 @@ edges
| tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | provenance | Config |
| tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | provenance | Config |
| tests.js:23:19:23:21 | dst | tests.js:26:25:26:27 | dst | provenance | |
| tests.js:23:27:23:33 | sources [0] | tests.js:24:24:24:30 | sources [0] | provenance | |
| tests.js:24:14:24:19 | source | tests.js:26:30:26:35 | source | provenance | |
| tests.js:24:24:24:30 | sources [0] | tests.js:24:14:24:19 | source | provenance | |
| tests.js:25:18:25:20 | key | tests.js:26:37:26:39 | key | provenance | |
| tests.js:25:18:25:20 | key | tests.js:26:43:26:45 | key | provenance | |
| tests.js:26:25:26:27 | dst | tests.js:31:22:31:24 | dst | provenance | |
| tests.js:26:30:26:35 | source | tests.js:26:30:26:40 | source[key] | provenance | Config |
| tests.js:26:30:26:40 | source[key] | tests.js:31:27:31:31 | value | provenance | |
| tests.js:26:37:26:39 | key | tests.js:26:30:26:40 | source[key] | provenance | Config |
| tests.js:26:43:26:45 | key | tests.js:31:34:31:36 | key | provenance | |
| tests.js:31:22:31:24 | dst | tests.js:32:20:32:22 | dst | provenance | |
| tests.js:31:22:31:24 | dst | tests.js:36:9:36:11 | dst | provenance | |
| tests.js:31:27:31:31 | value | tests.js:34:28:34:32 | value | provenance | |
| tests.js:31:27:31:31 | value | tests.js:36:20:36:24 | value | provenance | |
| tests.js:31:34:31:36 | key | tests.js:32:24:32:26 | key | provenance | |
| tests.js:31:34:31:36 | key | tests.js:36:13:36:15 | key | provenance | |
@@ -751,6 +777,7 @@ edges
| tests.js:32:20:32:27 | dst[key] | tests.js:32:9:32:27 | dstValue | provenance | |
| tests.js:32:24:32:26 | key | tests.js:32:20:32:27 | dst[key] | provenance | Config |
| tests.js:34:18:34:25 | dstValue | tests.js:23:19:23:21 | dst | provenance | |
| tests.js:34:28:34:32 | value | tests.js:23:27:23:33 | sources [0] | provenance | |
| tests.js:40:27:40:29 | dst | tests.js:44:30:44:32 | dst | provenance | |
| tests.js:40:27:40:29 | dst | tests.js:46:13:46:15 | dst | provenance | |
| tests.js:40:32:40:34 | src | tests.js:44:40:44:42 | src | provenance | |
@@ -1257,8 +1284,27 @@ edges
| tests.js:513:47:513:49 | key | tests.js:513:43:513:50 | src[key] | provenance | Config |
| tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | provenance | Config |
| tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | provenance | Config |
| tests.js:522:35:522:38 | args [0] | tests.js:523:17:523:20 | args [0] | provenance | |
| tests.js:522:35:522:38 | args [1] | tests.js:524:17:524:20 | args [1] | provenance | |
| tests.js:523:11:523:23 | dst | tests.js:527:35:527:37 | dst | provenance | |
| tests.js:523:11:523:23 | dst | tests.js:529:13:529:15 | dst | provenance | |
| tests.js:523:17:523:20 | args [0] | tests.js:523:17:523:23 | args[0] | provenance | |
| tests.js:523:17:523:23 | args[0] | tests.js:523:11:523:23 | dst | provenance | |
| tests.js:524:11:524:23 | src | tests.js:527:45:527:47 | src | provenance | |
| tests.js:524:11:524:23 | src | tests.js:529:24:529:26 | src | provenance | |
| tests.js:524:17:524:20 | args [1] | tests.js:524:17:524:23 | args[1] | provenance | |
| tests.js:524:17:524:23 | args[1] | tests.js:524:11:524:23 | src | provenance | |
| tests.js:525:14:525:16 | key | tests.js:527:39:527:41 | key | provenance | |
| tests.js:525:14:525:16 | key | tests.js:527:49:527:51 | key | provenance | |
| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | provenance | |
| tests.js:525:14:525:16 | key | tests.js:529:28:529:30 | key | provenance | |
| tests.js:527:35:527:37 | dst | tests.js:527:35:527:42 | dst[key] | provenance | Config |
| tests.js:527:35:527:42 | dst[key] | tests.js:522:35:522:38 | args [0] | provenance | |
| tests.js:527:39:527:41 | key | tests.js:527:35:527:42 | dst[key] | provenance | Config |
| tests.js:527:45:527:47 | src | tests.js:527:45:527:52 | src[key] | provenance | Config |
| tests.js:527:45:527:52 | src[key] | tests.js:522:35:522:38 | args [1] | provenance | |
| tests.js:527:49:527:51 | key | tests.js:527:45:527:52 | src[key] | provenance | Config |
| tests.js:529:24:529:26 | src | tests.js:529:24:529:31 | src[key] | provenance | Config |
| tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | provenance | Config |
| tests.js:534:31:534:33 | obj | tests.js:538:27:538:29 | obj | provenance | |
| tests.js:534:36:534:43 | callback [dst] | tests.js:538:9:538:16 | callback [dst] | provenance | |
@@ -1371,5 +1417,6 @@ subpaths
| tests.js:477:13:477:15 | dst | tests.js:473:25:473:27 | key | tests.js:477:13:477:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:473:12:473:14 | src | src | tests.js:477:13:477:15 | dst | dst |
| tests.js:489:13:489:15 | dst | tests.js:484:14:484:16 | key | tests.js:489:13:489:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:484:21:484:23 | src | src | tests.js:489:13:489:15 | dst | dst |
| tests.js:517:35:517:37 | dst | tests.js:511:19:511:25 | keys[i] | tests.js:517:35:517:37 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:509:28:509:30 | src | src | tests.js:517:35:517:37 | dst | dst |
| tests.js:529:13:529:15 | dst | tests.js:525:14:525:16 | key | tests.js:529:13:529:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:525:21:525:23 | src | src | tests.js:529:13:529:15 | dst | dst |
| tests.js:547:13:547:15 | dst | tests.js:538:18:538:24 | keys[i] | tests.js:547:13:547:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:535:30:535:32 | obj | obj | tests.js:547:13:547:15 | dst | dst |
| tests.js:605:13:605:16 | dest | tests.js:601:16:601:18 | key | tests.js:605:13:605:16 | dest | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:601:35:601:40 | source | source | tests.js:605:13:605:16 | dest | dest |

25
javascript/ql/test/testUtilities/InlineFlowTest.qll Normal file
View File

@@ -0,0 +1,25 @@
/**
* Inline flow tests for JavaScript.
* See `shared/util/codeql/dataflow/test/InlineFlowTest.qll`
*/
private import javascript
private import semmle.javascript.Locations
private import codeql.dataflow.test.InlineFlowTest
private import semmle.javascript.dataflow.internal.sharedlib.DataFlowArg
private import semmle.javascript.frameworks.data.internal.ApiGraphModelsExtensions as ApiGraphModelsExtensions
private import internal.InlineExpectationsTestImpl
private module FlowTestImpl implements InputSig<Location, JSDataFlow> {
import testUtilities.InlineFlowTestUtil
bindingset[src, sink]
string getArgString(DataFlow::Node src, DataFlow::Node sink) {
(if exists(getSourceArgString(src)) then result = getSourceArgString(src) else result = "") and
exists(sink)
}
predicate interpretModelForTest = ApiGraphModelsExtensions::interpretModelForTest/2;
}
import InlineFlowTestMake<Location, JSDataFlow, JSTaintFlow, Impl, FlowTestImpl>

21
javascript/ql/test/testUtilities/InlineFlowTestUtil.qll Normal file
View File

@@ -0,0 +1,21 @@
/**
* Defines the default source and sink recognition for `InlineFlowTest.qll`.
*
* We reuse these predicates in some type-tracking tests that don't wish to bring in the
* test configuration from `InlineFlowTest`.
*/
private import javascript
predicate defaultSource(DataFlow::Node src) { src.(DataFlow::CallNode).getCalleeName() = "source" }
predicate defaultSink(DataFlow::Node sink) {
exists(DataFlow::CallNode call | call.getCalleeName() = "sink" | sink = call.getAnArgument())
}
bindingset[src]
string getSourceArgString(DataFlow::Node src) {
src.(DataFlow::CallNode).getAnArgument().getStringValue() = result
or
src.(DataFlow::ParameterNode).getName() = result
}