Merge branch 'main' into logs

Erik Krogh Kristensen
2021-07-16 11:21:25 +02:00
311 changed files with 9413 additions and 1874 deletions


@@ -617,11 +617,11 @@ module API {
cached
predicate use(TApiNode nd, DataFlow::Node ref) {
exists(string m, Module mod | nd = MkModuleDef(m) and mod = importableModule(m) |
ref.(ModuleVarNode).getModule() = mod
ref = DataFlow::moduleVarNode(mod)
)
or
exists(string m, Module mod | nd = MkModuleExport(m) and mod = importableModule(m) |
ref.(ExportsVarNode).getModule() = mod
ref = DataFlow::exportsVarNode(mod)
or
exists(DataFlow::Node base | use(MkModuleDef(m), base) |
ref = trackUseNode(base).getAPropertyRead("exports")
@@ -742,12 +742,9 @@ module API {
or
// additional backwards step from `require('m')` to `exports` or `module.exports` in m
exists(Import imp | imp.getImportedModuleNode() = trackDefNode(nd, t.continue()) |
result.(ExportsVarNode).getModule() = imp.getImportedModule()
result = DataFlow::exportsVarNode(imp.getImportedModule())
or
exists(ModuleVarNode mod |
mod.getModule() = imp.getImportedModule() and
result = mod.(DataFlow::SourceNode).getAPropertyRead("exports")
)
result = DataFlow::moduleVarNode(imp.getImportedModule()).getAPropertyRead("exports")
)
or
t = defStep(nd, result)
@@ -981,46 +978,3 @@ private module Label {
/** Gets the `promisedError` edge label connecting a promise to its rejected value. */
string promisedError() { result = "promisedError" }
}
private class NodeModuleSourcesNodes extends DataFlow::SourceNode::Range {
Variable v;
NodeModuleSourcesNodes() {
exists(NodeModule m |
this = DataFlow::ssaDefinitionNode(SSA::implicitInit(v)) and
v = [m.getModuleVariable(), m.getExportsVariable()]
)
}
Variable getVariable() { result = v }
}
/**
* A CommonJS/AMD `module` variable.
*/
private class ModuleVarNode extends DataFlow::Node {
Module m;
ModuleVarNode() {
this.(NodeModuleSourcesNodes).getVariable() = m.(NodeModule).getModuleVariable()
or
DataFlow::parameterNode(this, m.(AmdModule).getDefine().getModuleParameter())
}
Module getModule() { result = m }
}
/**
* A CommonJS/AMD `exports` variable.
*/
private class ExportsVarNode extends DataFlow::Node {
Module m;
ExportsVarNode() {
this.(NodeModuleSourcesNodes).getVariable() = m.(NodeModule).getExportsVariable()
or
DataFlow::parameterNode(this, m.(AmdModule).getDefine().getExportsParameter())
}
Module getModule() { result = m }
}


@@ -68,7 +68,7 @@ module ArrayTaintTracking {
succ = call
or
// `e = Array.from(x)`: if `x` is tainted, then so is `e`.
call = DataFlow::globalVarRef("Array").getAPropertyRead("from").getACall() and
call = arrayFromCall() and
pred = call.getAnArgument() and
succ = call
or
@@ -79,6 +79,11 @@ module ArrayTaintTracking {
call.(DataFlow::MethodCallNode).getMethodName() = "concat" and
succ = call and
pred = call.getAnArgument()
or
// find
// `e = arr.find(callback)`
call = arrayFindCall(pred) and
succ = call
}
}
@@ -97,7 +102,7 @@ private module ArrayDataFlow {
DataFlow::Node pred, DataFlow::Node succ, string fromProp, string toProp
) {
exists(DataFlow::CallNode call |
call = DataFlow::globalVarRef("Array").getAMemberCall("from") and
call = arrayFromCall() and
pred = call.getArgument(0) and
succ = call and
fromProp = arrayLikeElement() and
@@ -297,4 +302,108 @@ private module ArrayDataFlow {
)
}
}
/**
* A step modelling that elements from an array `arr` are received by calling `find`.
*/
private class ArrayFindStep extends DataFlow::SharedFlowStep {
override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
exists(DataFlow::CallNode call |
call = arrayFindCall(pred) and
succ = call and
prop = arrayElement()
)
}
}
}
private import ArrayLibraries
/**
* Classes and predicates modelling various libraries that work on arrays or array-like structures.
*/
private module ArrayLibraries {
private import DataFlow::PseudoProperties
/**
* Gets a call to `Array.from` or a polyfill implementing the same functionality.
*/
DataFlow::CallNode arrayFromCall() {
result = DataFlow::globalVarRef("Array").getAMemberCall("from")
or
result = DataFlow::moduleImport("array-from").getACall()
}
/**
* Gets a call to `Array.prototype.find` or a polyfill implementing the same functionality.
*/
DataFlow::CallNode arrayFindCall(DataFlow::Node array) {
result.(DataFlow::MethodCallNode).getMethodName() = "find" and
array = result.getReceiver()
or
result = DataFlow::moduleImport(["array.prototype.find", "array-find"]).getACall() and
array = result.getArgument(0)
}
/**
* A taint step through the `arrify` library, or other libraries that (maybe) convert values into arrays.
*/
private class ArrayifyStep extends TaintTracking::SharedTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(API::CallNode call | call = API::moduleImport(["arrify", "array-ify"]).getACall() |
pred = call.getArgument(0) and succ = call
)
}
}
/**
* A call to a library that copies the elements of an array into another array.
* E.g. `array-union` that creates a union of multiple arrays, or `array-uniq` that creates an array with unique elements.
*/
DataFlow::CallNode arrayCopyCall(DataFlow::Node array) {
result = API::moduleImport(["array-union", "array-uniq", "uniq"]).getACall() and
array = result.getAnArgument()
}
/**
* A taint step for a library that copies the elements of an array into another array.
*/
private class ArrayCopyTaint extends TaintTracking::SharedTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::CallNode call |
call = arrayCopyCall(pred) and
succ = call
)
}
}
/**
* A loadStoreStep for a library that copies the elements of an array into another array.
*/
private class ArrayCopyLoadStore extends DataFlow::SharedFlowStep {
override predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) {
exists(DataFlow::CallNode call |
call = arrayCopyCall(pred) and
succ = call and
prop = arrayElement()
)
}
}
/**
* A taint step through a call to `Array.prototype.flat` or a polyfill implementing array flattening.
*/
private class ArrayFlatStep extends TaintTracking::SharedTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::CallNode call | succ = call |
call.(DataFlow::MethodCallNode).getMethodName() = "flat" and
pred = call.getReceiver()
or
call =
API::moduleImport(["array-flatten", "arr-flatten", "flatten", "array.prototype.flat"])
.getACall() and
pred = call.getAnArgument()
)
}
}
}
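Review bot: `arrayFindCall` in the new `ArrayLibraries` module matches any method call named `find` purely by name, so non-array receivers — ORM query builders or lodash-style collection helpers that also expose `find` — get a taint step and, via `ArrayFindStep`, an `arrayElement()` load step from the receiver to the result. The existing `concat` step earlier in this file takes the same name-only approach, so this is consistent with the file, but the predicate deserves a caveat: `// NOTE: matched by method name only; non-array receivers (e.g. ORM/collection APIs named \`find\`) also match and can add spurious steps.` If the library has a receiver-side guard (for example requiring a known array source), applying it here would tighten precision without losing the `array-find`/`array.prototype.find` polyfill cases.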


@@ -178,11 +178,16 @@ private class ExtendCallTaintStep extends TaintTracking::SharedTaintStep {
private import semmle.javascript.dataflow.internal.PreCallGraphStep
/**
* A step for the `clone` package.
* A step through a cloning library, such as `clone` or `fclone`.
*/
private class CloneStep extends PreCallGraphStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::CallNode call | call = DataFlow::moduleImport("clone").getACall() |
exists(DataFlow::CallNode call |
// `camelcase-keys` isn't quite a cloning library. But it's pretty close.
call = DataFlow::moduleImport(["clone", "fclone", "sort-keys", "camelcase-keys"]).getACall()
or
call = DataFlow::moduleMember("json-cycle", ["decycle", "retrocycle"]).getACall()
|
pred = call.getArgument(0) and
succ = call
)
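Review bot: `camelcase-keys` and the `json-cycle` `decycle`/`retrocycle` functions do not return a value-equivalent copy of their argument — the former renames properties and the latter rewrites the object graph — yet the hunk models them with the same `PreCallGraphStep` as `clone`, and a step used for call-graph construction is, as far as I can tell from the name, treated as an identity step, so a property read on the result may be resolved against the wrong property of the input. The inline comment `// \`camelcase-keys\` isn't quite a cloning library. But it's pretty close.` acknowledges this; consider moving those two entries to a `TaintTracking::SharedTaintStep` and keeping `PreCallGraphStep` for `clone`, `fclone` and `sort-keys`, which preserve keys and values. If they stay here, the class docstring should state that the step is only an approximation for key-renaming libraries. The `step` predicate and the `CloneStep` class close outside the hunk.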


@@ -26,6 +26,10 @@ private class PlainJsonParserCall extends JsonParserCall {
PlainJsonParserCall() {
exists(DataFlow::SourceNode callee | this = callee.getACall() |
callee = DataFlow::globalVarRef("JSON").getAPropertyRead("parse") or
callee =
DataFlow::moduleMember(["json3", "json5", "flatted", "teleport-javascript", "json-cycle"],
"parse") or
callee = API::moduleImport("replicator").getInstance().getMember("decode").getAnImmediateUse() or
callee = DataFlow::moduleImport("parse-json") or
callee = DataFlow::moduleImport("json-parse-better-errors") or
callee = DataFlow::moduleImport("json-safe-parse") or
@@ -74,3 +78,15 @@ private class JsonParserCallWithCallback extends JsonParserCall {
override DataFlow::SourceNode getOutput() { result = getCallback(1).getParameter(1) }
}
/**
* A taint step through the `strip-json-comments` library.
*/
private class StripJsonCommentsStep extends TaintTracking::SharedTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(API::CallNode call | call = API::moduleImport("strip-json-comments").getACall() |
pred = call.getArgument(0) and
succ = call
)
}
}


@@ -11,12 +11,15 @@ class JsonStringifyCall extends DataFlow::CallNode {
JsonStringifyCall() {
exists(DataFlow::SourceNode callee | this = callee.getACall() |
callee = DataFlow::globalVarRef("JSON").getAPropertyRead("stringify") or
callee = DataFlow::moduleMember("json3", "stringify") or
callee =
DataFlow::moduleMember(["json3", "json5", "flatted", "teleport-javascript", "json-cycle"],
"stringify") or
callee = API::moduleImport("replicator").getInstance().getMember("encode").getAnImmediateUse() or
callee =
DataFlow::moduleImport([
"json-stringify-safe", "json-stable-stringify", "stringify-object",
"fast-json-stable-stringify", "fast-safe-stringify", "javascript-stringify",
"js-stringify"
"js-stringify", "safe-stable-stringify", "fast-json-stringify"
]) or
// require("util").inspect() and similar
callee = DataFlow::moduleMember("util", "inspect") or
@@ -34,3 +37,38 @@ class JsonStringifyCall extends DataFlow::CallNode {
*/
DataFlow::SourceNode getOutput() { result = this }
}
/**
* A taint step through the [`json2csv`](https://www.npmjs.com/package/json2csv) library.
*/
class JSON2CSVTaintStep extends TaintTracking::SharedTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(API::CallNode call |
call =
API::moduleImport("json2csv")
.getMember("Parser")
.getInstance()
.getMember("parse")
.getACall()
|
pred = call.getArgument(0) and
succ = call
)
}
}
/**
* A step through the [`prettyjson`](https://www.npmjs.com/package/prettyjson) library.
* This is not quite a `JSON.stringify` call, as it e.g. does not wrap keys in double quotes.
* It's therefore modelled as a taint-step rather than as a `JSON.stringify` call.
*/
class PrettyJSONTaintStep extends TaintTracking::SharedTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(API::CallNode call |
call = API::moduleImport("prettyjson").getMember("render").getACall()
|
pred = call.getArgument(0) and
succ = call
)
}
}
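Review bot: `JSON2CSVTaintStep` and `PrettyJSONTaintStep` are declared as public classes, whereas the other step classes added in this commit — `StripJsonCommentsStep`, `ArrayifyStep`, `CaseChangingStep` — are `private`, so these two enlarge the library's public surface for no visible reason. Change them to `private class JSON2CSVTaintStep extends TaintTracking::SharedTaintStep {` and `private class PrettyJSONTaintStep extends TaintTracking::SharedTaintStep {`. The `prettyjson` docstring explaining why it is a taint step rather than a `JsonStringifyCall` is exactly the kind of note the `json2csv` class is missing; a sentence saying that only the `Parser` instance method `parse` is modelled would help the next maintainer.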


@@ -1183,6 +1183,13 @@ private predicate flowThroughCall(
not cfg.isLabeledBarrier(output, summary.getEndLabel())
)
or
exists(Function f, LocalVariable variable |
reachableFromInput(f, _, input, output, cfg, summary) and
output = DataFlow::capturedVariableNode(variable) and
getCapturedVariableDepth(variable) < getContainerDepth(f) and // Only step outwards
not cfg.isLabeledBarrier(output, summary.getEndLabel())
)
or
exists(Function f, DataFlow::Node invk, DataFlow::Node ret |
DataFlow::exceptionalFunctionReturnNode(ret, f) and
DataFlow::exceptionalInvocationReturnNode(output, invk.asExpr()) and
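Review bot: The `// Only step outwards` comment on the new depth guard is too terse for what is a subtle soundness condition: `getCapturedVariableDepth(variable) < getContainerDepth(f)` alone only says the declaring container is shallower than `f`, and it is the surrounding `reachableFromInput(f, _, input, output, cfg, summary)` conjunct — presumably placing `output` inside `f` — that makes a smaller depth imply an enclosing container rather than an unrelated sibling function. Suggested wording: `// \`output\` lies inside \`f\`, so a strictly smaller declaring depth means the variable belongs to a container enclosing \`f\`: the captured write escapes the call.` The enclosing `flowThroughCall` predicate starts and ends outside the hunk.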


@@ -347,6 +347,55 @@ module SourceNode {
}
}
private class NodeModuleSourcesNodes extends SourceNode::Range {
Variable v;
NodeModuleSourcesNodes() {
exists(NodeModule m |
this = DataFlow::ssaDefinitionNode(SSA::implicitInit(v)) and
v = [m.getModuleVariable(), m.getExportsVariable()]
)
}
Variable getVariable() { result = v }
}
/**
* A CommonJS/AMD `module` variable.
*/
private class ModuleVarNode extends DataFlow::Node {
Module m;
ModuleVarNode() {
this.(NodeModuleSourcesNodes).getVariable() = m.(NodeModule).getModuleVariable()
or
DataFlow::parameterNode(this, m.(AmdModule).getDefine().getModuleParameter())
}
Module getModule() { result = m }
}
/**
* A CommonJS/AMD `exports` variable.
*/
private class ExportsVarNode extends DataFlow::Node {
Module m;
ExportsVarNode() {
this.(NodeModuleSourcesNodes).getVariable() = m.(NodeModule).getExportsVariable()
or
DataFlow::parameterNode(this, m.(AmdModule).getDefine().getExportsParameter())
}
Module getModule() { result = m }
}
/** Gets the CommonJS/AMD `module` variable for module `m`. */
SourceNode moduleVarNode(Module m) { result.(ModuleVarNode).getModule() = m }
/** Gets the CommonJS/AMD `exports` variable for module `m`. */
SourceNode exportsVarNode(Module m) { result.(ExportsVarNode).getModule() = m }
deprecated class DefaultSourceNode extends SourceNode {
DefaultSourceNode() { this instanceof SourceNode::DefaultRange }
}
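Review bot: `ModuleVarNode` and `ExportsVarNode` extend `DataFlow::Node`, but both of their alternatives already appear to be source nodes — `NodeModuleSourcesNodes` is a `SourceNode::Range`, and the AMD case is a parameter node, which in this library is a source node as far as I know — and the new `moduleVarNode`/`exportsVarNode` wrappers immediately cast through `result.(ModuleVarNode)` to return a `SourceNode`. Declaring `private class ModuleVarNode extends DataFlow::SourceNode {` (likewise for `ExportsVarNode`) would make the wrapper's cast a no-op and would surface, at compile time, any future alternative that is not a source node instead of silently dropping it. The QLDoc on the two public predicates could also say they replace the duplicated classes removed from `API.qll` in this commit, so readers know this is now the single place to model `module`/`exports` references.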


@@ -109,13 +109,30 @@ DataFlow::Node getThrowTarget(DataFlow::Node thrower) {
*/
cached
private module CachedSteps {
/** Gets the nesting depth of the given container, starting with the top-level at 0. */
cached
int getContainerDepth(StmtContainer container) {
not exists(container.getEnclosingContainer()) and
result = 0
or
result = 1 + getContainerDepth(container.getEnclosingContainer())
}
/** Gets the nesting depth of the container declaring the given captured variable. */
cached
int getCapturedVariableDepth(LocalVariable v) {
v.isCaptured() and
result = getContainerDepth(v.getDeclaringContainer())
}
/**
* Holds if `f` captures the given `variable` in `cap`.
*/
cached
predicate captures(Function f, LocalVariable variable, SsaVariableCapture cap) {
variable = cap.getSourceVariable() and
f = cap.getContainer()
f = cap.getContainer() and
not f = variable.getDeclaringContainer()
}
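Review bot: The new conjunct `not f = variable.getDeclaringContainer()` changes the meaning of the `cached` predicate `captures`, but its QLDoc still reads `Holds if \`f\` captures the given \`variable\` in \`cap\`.` with no hint that the declaring container is excluded. Update it to `Holds if \`f\` captures the given \`variable\` in \`cap\`, where \`f\` is not the container that declares \`variable\`.` and add a why-comment on the conjunct — presumably an `SsaVariableCapture` can also be located in the declaring container, and that case must not count as a capture for the outward-step logic that `getCapturedVariableDepth` supports. Because the predicate is cached and shared, a semantics change without a doc change is easy to misread later.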
/**


@@ -216,20 +216,13 @@ module Angular2 {
}
}
private string getInternalName(string name) {
exists(Identifier id |
result = id.getName() and
name = result.regexpCapture("\\u0275(DomAdapter|getDOM)", 1)
)
}
/** Gets a reference to a `DomAdapter`, which provides acess to raw DOM elements. */
private DataFlow::SourceNode domAdapter() {
// Note: these are internal properties, prefixed with the "latin small letter barred O (U+0275)" character.
// Despite being internal, some codebases do access them.
result.hasUnderlyingType("@angular/common", getInternalName("DomAdapter"))
result.hasUnderlyingType("@angular/common", 629.toUnicode() + "DomAdapter")
or
result = DataFlow::moduleImport("@angular/common").getAMemberCall(getInternalName("getDOM"))
result = DataFlow::moduleImport("@angular/common").getAMemberCall(629.toUnicode() + "getDOM")
}
/** A reference to the DOM location obtained through `DomAdapter.getLocation()`. */
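Review bot: `629.toUnicode() + "DomAdapter"` and `629.toUnicode() + "getDOM"` hard-code the code point as a bare decimal, so a reader has to cross-check it against the comment's `U+0275` (0x275 = 629) in two places. Factor it into one named predicate, e.g. `private string angularInternalPrefix() { result = 629.toUnicode() } // U+0275, "ɵ"`, and write `angularInternalPrefix() + "DomAdapter"` / `angularInternalPrefix() + "getDOM"` in `domAdapter`, so the value is documented once and cannot drift. Dropping `getInternalName` is otherwise a good change: the old form ranged over every `Identifier` in the database just to produce a constant string.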


@@ -470,3 +470,16 @@ class Chokidar extends FileNameProducer, FileSystemAccess, API::CallNode {
)
}
}
/**
* A call to the [`mkdirp`](https://www.npmjs.com/package/mkdirp) library.
*/
private class Mkdirp extends FileSystemAccess, API::CallNode {
Mkdirp() {
this = API::moduleImport("mkdirp").getACall()
or
this = API::moduleImport("mkdirp").getMember("sync").getACall()
}
override DataFlow::Node getAPathArgument() { result = getArgument(0) }
}


@@ -383,3 +383,17 @@ private module Pino {
override DataFlow::Node getAMessageComponent() { result = getAnArgument() }
}
}
/**
* A step through the [`ansi-to-html`](https://npmjs.org/package/ansi-to-html) library.
*/
class AnsiToHtmlStep extends TaintTracking::SharedTaintStep {
override predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(API::CallNode call |
call = API::moduleImport("ansi-to-html").getInstance().getMember("toHtml").getACall()
|
pred = call.getArgument(0) and
succ = call
)
}
}
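Review bot: `AnsiToHtmlStep` is rightly a taint step rather than a sanitizer — to my knowledge `ansi-to-html` only escapes markup when its `escapeXML` option is enabled, so `toHtml(tainted)` can still carry raw HTML into an XSS sink — but the QLDoc does not say so, and a later maintainer may be tempted to turn it into a sanitizer. Add to the docstring: ` * The result stays tainted: the library does not escape HTML by default (confirm against the current \`ansi-to-html\` options).` Also make it `private class AnsiToHtmlStep extends TaintTracking::SharedTaintStep {` to match the other step classes added in this commit.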


@@ -103,3 +103,39 @@ private class LibraryFormatter extends PrintfStyleCall {
override predicate returnsFormatted() { returns = true }
}
/**
* A taint step through a case changing function.
*/
private class CaseChangingStep extends TaintTracking::SharedTaintStep {
override predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::SourceNode callee, DataFlow::CallNode call |
callee = DataFlow::moduleMember("change-case", _) or
callee = DataFlow::moduleMember("camel-case", "camelCase") or
callee = DataFlow::moduleMember("pascal-case", "pascalCase") or
callee = DataFlow::moduleMember("snake-case", "snakeCase") or
callee = DataFlow::moduleImport("kebab-case") or
callee = DataFlow::moduleMember("kebab-case", "reverse") or
callee = DataFlow::moduleMember("param-case", "paramCase") or
callee = DataFlow::moduleMember("path-case", "pathCase") or
callee = DataFlow::moduleMember("sentence-case", "sentenceCase") or
callee = DataFlow::moduleMember("title-case", "titleCase") or
callee = DataFlow::moduleMember("upper-case", ["upperCase", "localeUpperCase"]) or
callee = DataFlow::moduleMember("lower-case", ["lowerCase", "localeLowerCase"]) or
callee = DataFlow::moduleMember("no-case", "noCase") or
callee = DataFlow::moduleMember("constant-case", "constantCase") or
callee = DataFlow::moduleMember("dot-case", "dotCase") or
callee = DataFlow::moduleMember("upper-case-first", "upperCaseFirst") or
callee = DataFlow::moduleMember("lower-case-first", "lowerCaseFirst") or
callee = DataFlow::moduleMember("header-case", "headerCase") or
callee = DataFlow::moduleMember("capital-case", "capitalCase") or
callee = DataFlow::moduleMember("swap-case", "swapCase") or
callee = DataFlow::moduleMember("sponge-case", "spongeCase") or
callee = DataFlow::moduleImport(["titleize", "camelcase", "decamelize"])
|
call = callee.getACall() and
pred = call.getArgument(0) and
succ = call
)
}
}


@@ -96,13 +96,8 @@ module uridashjs {
*/
private class Step extends TaintTracking::SharedTaintStep {
override predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(string name, DataFlow::CallNode call |
name = "parse" or
name = "serialize" or
name = "resolve" or
name = "normalize"
|
call = uridashjsMember(name).getACall() and
exists(DataFlow::CallNode call |
call = uridashjsMember(["parse", "serialize", "resolve", "normalize"]).getACall() and
pred = call.getAnArgument() and
succ = call
)
@@ -126,13 +121,8 @@ module punycode {
*/
private class Step extends TaintTracking::SharedTaintStep {
override predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(string name, DataFlow::CallNode call |
name = "decode" or
name = "encode" or
name = "toUnicode" or
name = "toASCII"
|
call = punycodeMember(name).getACall() and
exists(DataFlow::CallNode call |
call = punycodeMember(["decode", "encode", "toUnicode", "toASCII"]).getACall() and
pred = call.getAnArgument() and
succ = call
)
@@ -193,11 +183,8 @@ module querystringify {
*/
private class Step extends TaintTracking::SharedTaintStep {
override predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(string name, DataFlow::CallNode call |
name = "parse" or
name = "stringify"
|
call = querystringifyMember(name).getACall() and
exists(DataFlow::CallNode call |
call = querystringifyMember(["parse", "stringify"]).getACall() and
pred = call.getAnArgument() and
succ = call
)
@@ -221,13 +208,8 @@ module querydashstring {
*/
private class Step extends TaintTracking::SharedTaintStep {
override predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(string name, DataFlow::CallNode call |
name = "parse" or
name = "extract" or
name = "parseUrl" or
name = "stringify"
|
call = querydashstringMember(name).getACall() and
exists(DataFlow::CallNode call |
call = querydashstringMember(["parse", "extract", "parseUrl", "stringify"]).getACall() and
pred = call.getAnArgument() and
succ = call
)
@@ -249,12 +231,8 @@ module url {
*/
private class Step extends TaintTracking::SharedTaintStep {
override predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(string name, DataFlow::CallNode call |
name = "parse" or
name = "format" or
name = "resolve"
|
call = urlMember(name).getACall() and
exists(DataFlow::CallNode call |
call = urlMember(["parse", "format", "resolve"]).getACall() and
pred = call.getAnArgument() and
succ = call
)
@@ -278,13 +256,8 @@ module querystring {
*/
private class Step extends TaintTracking::SharedTaintStep {
override predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(string name, DataFlow::CallNode call |
name = "escape" or
name = "unescape" or
name = "parse" or
name = "stringify"
|
call = querystringMember(name).getACall() and
exists(DataFlow::CallNode call |
call = querystringMember(["escape", "unescape", "parse", "stringify"]).getACall() and
pred = call.getAnArgument() and
succ = call
)
@@ -292,6 +265,45 @@ module querystring {
}
}
/**
* A taint step through a call to [qs](https://npmjs.com/package/qs)
*/
private class QsStep extends TaintTracking::SharedTaintStep {
override predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(API::CallNode call |
call = API::moduleImport("qs").getMember(["parse", "stringify"]).getACall()
|
pred = call.getArgument(0) and
succ = call
)
}
}
/**
* A taint step through a call to [normalize-url](https://npmjs.com/package/normalize-url)
*/
private class NormalizeUrlStep extends TaintTracking::SharedTaintStep {
override predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(API::CallNode call | call = API::moduleImport("normalize-url").getACall() |
pred = call.getArgument(0) and
succ = call
)
}
}
/**
* A taint step through a call to [parseqs](https://npmjs.com/package/parseqs).
*/
private class ParseQsStep extends TaintTracking::SharedTaintStep {
override predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(API::CallNode call |
call = API::moduleImport("parseqs").getMember(["encode", "decode"]).getACall() and
pred = call.getArgument(0) and
succ = call
)
}
}
/**
* Provides steps for the `goog.Uri` class in the closure library.
*/


@@ -169,13 +169,19 @@ module CodeInjection {
}
/**
* The first argument to `Module.prototype._compile` from the Node.js built-in module `module`,
* considered as a code-injection sink.
* The first argument to `Module.prototype._compile`, considered as a code-injection sink.
*/
class ModuleCompileSink extends Sink {
ModuleCompileSink() {
// `require('module').prototype._compile`
this =
API::moduleImport("module").getInstance().getMember("_compile").getACall().getArgument(0)
or
// `module.constructor.prototype._compile`
exists(DataFlow::SourceNode moduleConstructor |
moduleConstructor = DataFlow::moduleVarNode(_).getAPropertyRead("constructor") and
this = moduleConstructor.getAnInstantiation().getAMethodCall("_compile").getArgument(0)
)
}
}
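Review bot: The comment `// \`module.constructor.prototype._compile\`` does not describe what the code beneath it matches: `moduleConstructor.getAnInstantiation().getAMethodCall("_compile")` covers `new module.constructor(...)._compile(src)`, a method call on a fresh instance, not a direct use of `.prototype._compile`. Either reword the comment to `// \`new module.constructor(...)._compile(...)\`` or extend the disjunct with `moduleConstructor.getAPropertyRead("prototype").getAMethodCall("_compile").getArgument(0)` so the pattern the comment names is a sink as well — I cannot tell from this hunk whether the first alternative via `API::moduleImport("module").getInstance()` already reaches the prototype form. Since `_compile` executes arbitrary source, under-matching here is a missed code-injection sink rather than a precision issue.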


@@ -682,6 +682,20 @@ module TaintedPath {
}
}
/**
* The `cwd` option for the `read-pkg` library.
*/
private class ReadPkgCwdSink extends TaintedPath::Sink {
ReadPkgCwdSink() {
this =
API::moduleImport("read-pkg")
.getMember(["readPackageAsync", "readPackageSync"])
.getParameter(0)
.getMember("cwd")
.getARhs()
}
}
/**
* Holds if there is a step `src -> dst` mapping `srclabel` to `dstlabel` relevant for path traversal vulnerabilities.
*/
@@ -798,6 +812,12 @@ module TaintedPath {
srclabel instanceof Label::SplitPath and
dstlabel.(Label::PosixPath).canContainDotDotSlash()
)
or
exists(API::CallNode call | call = API::moduleImport("slash").getACall() |
src = call.getArgument(0) and
dst = call and
srclabel = dstlabel
)
}
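Review bot: The new `slash` step carries the label through unchanged (`srclabel = dstlabel`), but `slash` rewrites backslashes into forward slashes, so a value that a `PosixPath` label considers unable to contain `../` because it only held `..\` becomes a `../` path after the call. If the label machinery only tracks forward-slash separators this is harmless; if it also reasons about backslashes, the step should instead yield a label for which `canContainDotDotSlash()` holds — I cannot tell which from this hunk. At minimum record the assumption: `// \`slash\` turns \`\\\` into \`/\`; labels are preserved on the assumption that PosixPath already treats backslash-separated input as equivalent.` The enclosing step predicate starts outside the hunk, and the `ReadPkgCwdSink` hunk above looks right for a directory-resolution option.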
/**


@@ -318,6 +318,20 @@ module DomBasedXss {
}
}
/**
* A React tooltip where the `data-html` attribute is set to `true`.
*/
class TooltipSink extends Sink {
TooltipSink() {
exists(JSXElement el |
el.getAttributeByName("data-html").getStringValue() = "true" or
el.getAttributeByName("data-html").getValue().mayHaveBooleanValue(true)
|
this = el.getAttributeByName("data-tip").getValue().flow()
)
}
}
/**
* The HTML body of an email, viewed as an XSS sink.
*/
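Review bot: The QLDoc `A React tooltip where the \`data-html\` attribute is set to \`true\`.` describes the element rather than the sink and never names the attribute that is actually the sink (`data-tip`) or why it is dangerous. Suggest: `The \`data-tip\` attribute of a JSX element that also sets \`data-html\` to \`true\`, as used by tooltip components (e.g. \`react-tooltip\`) that render the tip text as raw HTML.` — adjust the library name if a different one was intended. The class is public and generically named `TooltipSink` while it keys on two specific attribute names; a more specific name or a `private` modifier would avoid clashes with other tooltip models later.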


@@ -7,6 +7,10 @@
| arrays.js:2:16:2:23 | "source" | arrays.js:56:10:56:10 | x |
| arrays.js:2:16:2:23 | "source" | arrays.js:60:10:60:10 | x |
| arrays.js:2:16:2:23 | "source" | arrays.js:66:10:66:10 | x |
| arrays.js:2:16:2:23 | "source" | arrays.js:71:10:71:10 | x |
| arrays.js:2:16:2:23 | "source" | arrays.js:74:8:74:29 | arr.fin ... llback) |
| arrays.js:2:16:2:23 | "source" | arrays.js:77:8:77:35 | arrayFi ... llback) |
| arrays.js:2:16:2:23 | "source" | arrays.js:81:10:81:10 | x |
| arrays.js:18:22:18:29 | "source" | arrays.js:18:50:18:50 | e |
| arrays.js:22:15:22:22 | "source" | arrays.js:23:8:23:17 | arr2.pop() |
| arrays.js:25:15:25:22 | "source" | arrays.js:26:8:26:17 | arr3.pop() |


@@ -65,4 +65,19 @@
for (const x of arr7) {
sink(x); // NOT OK
}
const arrayFrom = require("array-from");
for (const x of arrayFrom(arr)) {
sink(x); // NOT OK
}
sink(arr.find(someCallback)); // NOT OK
const arrayFind = require("array-find");
sink(arrayFind(arr, someCallback)); // NOT OK
const uniq = require("uniq");
for (const x of uniq(arr)) {
sink(x); // NOT OK
}
});


@@ -1,9 +1,9 @@
nodes
| arrays.js:1:1:68:2 | [ParExpr] (functi ... } }) | semmle.label | [ParExpr] (functi ... } }) |
| arrays.js:1:1:68:3 | [ExprStmt] (functi ... } }); | semmle.label | [ExprStmt] (functi ... } }); |
| arrays.js:1:1:68:3 | [ExprStmt] (functi ... } }); | semmle.order | 1 |
| arrays.js:1:2:68:1 | [FunctionExpr] functio ... K } } | semmle.label | [FunctionExpr] functio ... K } } |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | semmle.label | [BlockStmt] { let ... K } } |
| arrays.js:1:1:83:2 | [ParExpr] (functi ... } }) | semmle.label | [ParExpr] (functi ... } }) |
| arrays.js:1:1:83:3 | [ExprStmt] (functi ... } }); | semmle.label | [ExprStmt] (functi ... } }); |
| arrays.js:1:1:83:3 | [ExprStmt] (functi ... } }); | semmle.order | 1 |
| arrays.js:1:2:83:1 | [FunctionExpr] functio ... K } } | semmle.label | [FunctionExpr] functio ... K } } |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | semmle.label | [BlockStmt] { let ... K } } |
| arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.label | [DeclStmt] let source = ... |
| arrays.js:2:7:2:12 | [VarDecl] source | semmle.label | [VarDecl] source |
| arrays.js:2:7:2:23 | [VariableDeclarator] source = "source" | semmle.label | [VariableDeclarator] source = "source" |
@@ -282,6 +282,74 @@ nodes
| arrays.js:66:5:66:11 | [CallExpr] sink(x) | semmle.label | [CallExpr] sink(x) |
| arrays.js:66:5:66:12 | [ExprStmt] sink(x); | semmle.label | [ExprStmt] sink(x); |
| arrays.js:66:10:66:10 | [VarRef] x | semmle.label | [VarRef] x |
| arrays.js:69:3:69:42 | [DeclStmt] const arrayFrom = ... | semmle.label | [DeclStmt] const arrayFrom = ... |
| arrays.js:69:9:69:17 | [VarDecl] arrayFrom | semmle.label | [VarDecl] arrayFrom |
| arrays.js:69:9:69:41 | [VariableDeclarator] arrayFr ... -from") | semmle.label | [VariableDeclarator] arrayFr ... -from") |
| arrays.js:69:21:69:27 | [VarRef] require | semmle.label | [VarRef] require |
| arrays.js:69:21:69:41 | [CallExpr] require ... -from") | semmle.label | [CallExpr] require ... -from") |
| arrays.js:69:29:69:40 | [Literal] "array-from" | semmle.label | [Literal] "array-from" |
| arrays.js:70:3:72:3 | [ForOfStmt] for (co ... OK } | semmle.label | [ForOfStmt] for (co ... OK } |
| arrays.js:70:8:70:14 | [DeclStmt] const x = ... | semmle.label | [DeclStmt] const x = ... |
| arrays.js:70:14:70:14 | [VarDecl] x | semmle.label | [VarDecl] x |
| arrays.js:70:14:70:14 | [VariableDeclarator] x | semmle.label | [VariableDeclarator] x |
| arrays.js:70:19:70:27 | [VarRef] arrayFrom | semmle.label | [VarRef] arrayFrom |
| arrays.js:70:19:70:32 | [CallExpr] arrayFrom(arr) | semmle.label | [CallExpr] arrayFrom(arr) |
| arrays.js:70:29:70:31 | [VarRef] arr | semmle.label | [VarRef] arr |
| arrays.js:70:35:72:3 | [BlockStmt] { s ... OK } | semmle.label | [BlockStmt] { s ... OK } |
| arrays.js:71:5:71:8 | [VarRef] sink | semmle.label | [VarRef] sink |
| arrays.js:71:5:71:11 | [CallExpr] sink(x) | semmle.label | [CallExpr] sink(x) |
| arrays.js:71:5:71:12 | [ExprStmt] sink(x); | semmle.label | [ExprStmt] sink(x); |
| arrays.js:71:10:71:10 | [VarRef] x | semmle.label | [VarRef] x |
| arrays.js:74:3:74:6 | [VarRef] sink | semmle.label | [VarRef] sink |
| arrays.js:74:3:74:30 | [CallExpr] sink(ar ... lback)) | semmle.label | [CallExpr] sink(ar ... lback)) |
| arrays.js:74:3:74:31 | [ExprStmt] sink(ar ... back)); | semmle.label | [ExprStmt] sink(ar ... back)); |
| arrays.js:74:8:74:10 | [VarRef] arr | semmle.label | [VarRef] arr |
| arrays.js:74:8:74:15 | [DotExpr] arr.find | semmle.label | [DotExpr] arr.find |
| arrays.js:74:8:74:29 | [MethodCallExpr] arr.fin ... llback) | semmle.label | [MethodCallExpr] arr.fin ... llback) |
| arrays.js:74:12:74:15 | [Label] find | semmle.label | [Label] find |
| arrays.js:74:17:74:28 | [VarRef] someCallback | semmle.label | [VarRef] someCallback |
| arrays.js:76:3:76:42 | [DeclStmt] const arrayFind = ... | semmle.label | [DeclStmt] const arrayFind = ... |
| arrays.js:76:9:76:17 | [VarDecl] arrayFind | semmle.label | [VarDecl] arrayFind |
| arrays.js:76:9:76:41 | [VariableDeclarator] arrayFi ... -find") | semmle.label | [VariableDeclarator] arrayFi ... -find") |
| arrays.js:76:21:76:27 | [VarRef] require | semmle.label | [VarRef] require |
| arrays.js:76:21:76:41 | [CallExpr] require ... -find") | semmle.label | [CallExpr] require ... -find") |
| arrays.js:76:29:76:40 | [Literal] "array-find" | semmle.label | [Literal] "array-find" |
| arrays.js:77:3:77:6 | [VarRef] sink | semmle.label | [VarRef] sink |
| arrays.js:77:3:77:36 | [CallExpr] sink(ar ... lback)) | semmle.label | [CallExpr] sink(ar ... lback)) |
| arrays.js:77:3:77:37 | [ExprStmt] sink(ar ... back)); | semmle.label | [ExprStmt] sink(ar ... back)); |
| arrays.js:77:8:77:16 | [VarRef] arrayFind | semmle.label | [VarRef] arrayFind |
| arrays.js:77:8:77:35 | [CallExpr] arrayFi ... llback) | semmle.label | [CallExpr] arrayFi ... llback) |
| arrays.js:77:18:77:20 | [VarRef] arr | semmle.label | [VarRef] arr |
| arrays.js:77:23:77:34 | [VarRef] someCallback | semmle.label | [VarRef] someCallback |
| arrays.js:79:3:79:31 | [DeclStmt] const uniq = ... | semmle.label | [DeclStmt] const uniq = ... |
| arrays.js:79:9:79:12 | [VarDecl] uniq | semmle.label | [VarDecl] uniq |
| arrays.js:79:9:79:30 | [VariableDeclarator] uniq = ... "uniq") | semmle.label | [VariableDeclarator] uniq = ... "uniq") |
| arrays.js:79:16:79:22 | [VarRef] require | semmle.label | [VarRef] require |
| arrays.js:79:16:79:30 | [CallExpr] require("uniq") | semmle.label | [CallExpr] require("uniq") |
| arrays.js:79:24:79:29 | [Literal] "uniq" | semmle.label | [Literal] "uniq" |
| arrays.js:80:3:82:3 | [ForOfStmt] for (co ... OK } | semmle.label | [ForOfStmt] for (co ... OK } |
| arrays.js:80:8:80:14 | [DeclStmt] const x = ... | semmle.label | [DeclStmt] const x = ... |
| arrays.js:80:14:80:14 | [VarDecl] x | semmle.label | [VarDecl] x |
| arrays.js:80:14:80:14 | [VariableDeclarator] x | semmle.label | [VariableDeclarator] x |
| arrays.js:80:19:80:22 | [VarRef] uniq | semmle.label | [VarRef] uniq |
| arrays.js:80:19:80:27 | [CallExpr] uniq(arr) | semmle.label | [CallExpr] uniq(arr) |
| arrays.js:80:24:80:26 | [VarRef] arr | semmle.label | [VarRef] arr |
| arrays.js:80:30:82:3 | [BlockStmt] { s ... OK } | semmle.label | [BlockStmt] { s ... OK } |
| arrays.js:81:5:81:8 | [VarRef] sink | semmle.label | [VarRef] sink |
| arrays.js:81:5:81:11 | [CallExpr] sink(x) | semmle.label | [CallExpr] sink(x) |
| arrays.js:81:5:81:12 | [ExprStmt] sink(x); | semmle.label | [ExprStmt] sink(x); |
| arrays.js:81:10:81:10 | [VarRef] x | semmle.label | [VarRef] x |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
| file://:0:0:0:0 | (Arguments) | semmle.label | (Arguments) |
@@ -318,74 +386,88 @@ nodes
| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
| file://:0:0:0:0 | (Parameters) | semmle.label | (Parameters) |
edges
| arrays.js:1:1:68:2 | [ParExpr] (functi ... } }) | arrays.js:1:2:68:1 | [FunctionExpr] functio ... K } } | semmle.label | 1 |
| arrays.js:1:1:68:2 | [ParExpr] (functi ... } }) | arrays.js:1:2:68:1 | [FunctionExpr] functio ... K } } | semmle.order | 1 |
| arrays.js:1:1:68:3 | [ExprStmt] (functi ... } }); | arrays.js:1:1:68:2 | [ParExpr] (functi ... } }) | semmle.label | 1 |
| arrays.js:1:1:68:3 | [ExprStmt] (functi ... } }); | arrays.js:1:1:68:2 | [ParExpr] (functi ... } }) | semmle.order | 1 |
| arrays.js:1:2:68:1 | [FunctionExpr] functio ... K } } | arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | semmle.label | 5 |
| arrays.js:1:2:68:1 | [FunctionExpr] functio ... K } } | arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | semmle.order | 5 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.label | 1 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.order | 1 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:4:3:4:28 | [DeclStmt] var obj = ... | semmle.label | 2 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:4:3:4:28 | [DeclStmt] var obj = ... | semmle.order | 2 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:5:3:5:16 | [ExprStmt] sink(obj.foo); | semmle.label | 3 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:5:3:5:16 | [ExprStmt] sink(obj.foo); | semmle.order | 3 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:7:3:7:15 | [DeclStmt] var arr = ... | semmle.label | 4 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:7:3:7:15 | [DeclStmt] var arr = ... | semmle.order | 4 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:8:3:8:19 | [ExprStmt] arr.push(source); | semmle.label | 5 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:8:3:8:19 | [ExprStmt] arr.push(source); | semmle.order | 5 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:10:3:12:3 | [ForStmt] for (va ... OK } | semmle.label | 6 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:10:3:12:3 | [ForStmt] for (va ... OK } | semmle.order | 6 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:15:3:15:30 | [ExprStmt] arr.for ... nk(e)); | semmle.label | 7 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:15:3:15:30 | [ExprStmt] arr.for ... nk(e)); | semmle.order | 7 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:16:3:16:26 | [ExprStmt] arr.map ... nk(e)); | semmle.label | 8 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:16:3:16:26 | [ExprStmt] arr.map ... nk(e)); | semmle.order | 8 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:18:3:18:53 | [ExprStmt] [1, 2, ... nk(e)); | semmle.label | 9 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:18:3:18:53 | [ExprStmt] [1, 2, ... nk(e)); | semmle.order | 9 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:20:3:20:18 | [ExprStmt] sink(arr.pop()); | semmle.label | 10 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:20:3:20:18 | [ExprStmt] sink(arr.pop()); | semmle.order | 10 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:22:3:22:24 | [DeclStmt] var arr2 = ... | semmle.label | 11 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:22:3:22:24 | [DeclStmt] var arr2 = ... | semmle.order | 11 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:23:3:23:19 | [ExprStmt] sink(arr2.pop()); | semmle.label | 12 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:23:3:23:19 | [ExprStmt] sink(arr2.pop()); | semmle.order | 12 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:25:3:25:24 | [DeclStmt] var arr3 = ... | semmle.label | 13 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:25:3:25:24 | [DeclStmt] var arr3 = ... | semmle.order | 13 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:26:3:26:19 | [ExprStmt] sink(arr3.pop()); | semmle.label | 14 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:26:3:26:19 | [ExprStmt] sink(arr3.pop()); | semmle.order | 14 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:28:3:28:16 | [DeclStmt] var arr4 = ... | semmle.label | 15 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:28:3:28:16 | [DeclStmt] var arr4 = ... | semmle.order | 15 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:29:3:29:30 | [ExprStmt] arr4.sp ... urce"); | semmle.label | 16 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:29:3:29:30 | [ExprStmt] arr4.sp ... urce"); | semmle.order | 16 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:30:3:30:19 | [ExprStmt] sink(arr4.pop()); | semmle.label | 17 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:30:3:30:19 | [ExprStmt] sink(arr4.pop()); | semmle.order | 17 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:32:3:32:29 | [DeclStmt] var arr5 = ... | semmle.label | 18 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:32:3:32:29 | [DeclStmt] var arr5 = ... | semmle.order | 18 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:33:3:33:19 | [ExprStmt] sink(arr5.pop()); | semmle.label | 19 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:33:3:33:19 | [ExprStmt] sink(arr5.pop()); | semmle.order | 19 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:35:3:35:28 | [ExprStmt] sink(ar ... pop()); | semmle.label | 20 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:35:3:35:28 | [ExprStmt] sink(ar ... pop()); | semmle.order | 20 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:37:3:37:16 | [DeclStmt] var arr6 = ... | semmle.label | 21 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:37:3:37:16 | [DeclStmt] var arr6 = ... | semmle.order | 21 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:38:3:40:3 | [ForStmt] for (va ... i]; } | semmle.label | 22 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:38:3:40:3 | [ForStmt] for (va ... i]; } | semmle.order | 22 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:41:3:41:19 | [ExprStmt] sink(arr6.pop()); | semmle.label | 23 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:41:3:41:19 | [ExprStmt] sink(arr6.pop()); | semmle.order | 23 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:44:3:47:5 | [ExprStmt] ["sourc ... . }); | semmle.label | 24 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:44:3:47:5 | [ExprStmt] ["sourc ... . }); | semmle.order | 24 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:49:3:49:15 | [ExprStmt] sink(arr[0]); | semmle.label | 25 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:49:3:49:15 | [ExprStmt] sink(arr[0]); | semmle.order | 25 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:51:3:53:3 | [ForOfStmt] for (co ... OK } | semmle.label | 26 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:51:3:53:3 | [ForOfStmt] for (co ... OK } | semmle.order | 26 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:55:3:57:3 | [ForOfStmt] for (co ... OK } | semmle.label | 27 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:55:3:57:3 | [ForOfStmt] for (co ... OK } | semmle.order | 27 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:59:3:61:3 | [ForOfStmt] for (co ... OK } | semmle.label | 28 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:59:3:61:3 | [ForOfStmt] for (co ... OK } | semmle.order | 28 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:63:3:63:16 | [DeclStmt] var arr7 = ... | semmle.label | 29 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:63:3:63:16 | [DeclStmt] var arr7 = ... | semmle.order | 29 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:64:3:64:20 | [ExprStmt] arr7.push(...arr); | semmle.label | 30 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:64:3:64:20 | [ExprStmt] arr7.push(...arr); | semmle.order | 30 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:65:3:67:3 | [ForOfStmt] for (co ... OK } | semmle.label | 31 |
| arrays.js:1:14:68:1 | [BlockStmt] { let ... K } } | arrays.js:65:3:67:3 | [ForOfStmt] for (co ... OK } | semmle.order | 31 |
| arrays.js:1:1:83:2 | [ParExpr] (functi ... } }) | arrays.js:1:2:83:1 | [FunctionExpr] functio ... K } } | semmle.label | 1 |
| arrays.js:1:1:83:2 | [ParExpr] (functi ... } }) | arrays.js:1:2:83:1 | [FunctionExpr] functio ... K } } | semmle.order | 1 |
| arrays.js:1:1:83:3 | [ExprStmt] (functi ... } }); | arrays.js:1:1:83:2 | [ParExpr] (functi ... } }) | semmle.label | 1 |
| arrays.js:1:1:83:3 | [ExprStmt] (functi ... } }); | arrays.js:1:1:83:2 | [ParExpr] (functi ... } }) | semmle.order | 1 |
| arrays.js:1:2:83:1 | [FunctionExpr] functio ... K } } | arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | semmle.label | 5 |
| arrays.js:1:2:83:1 | [FunctionExpr] functio ... K } } | arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | semmle.order | 5 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.label | 1 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:2:3:2:24 | [DeclStmt] let source = ... | semmle.order | 1 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:4:3:4:28 | [DeclStmt] var obj = ... | semmle.label | 2 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:4:3:4:28 | [DeclStmt] var obj = ... | semmle.order | 2 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:5:3:5:16 | [ExprStmt] sink(obj.foo); | semmle.label | 3 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:5:3:5:16 | [ExprStmt] sink(obj.foo); | semmle.order | 3 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:7:3:7:15 | [DeclStmt] var arr = ... | semmle.label | 4 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:7:3:7:15 | [DeclStmt] var arr = ... | semmle.order | 4 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:8:3:8:19 | [ExprStmt] arr.push(source); | semmle.label | 5 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:8:3:8:19 | [ExprStmt] arr.push(source); | semmle.order | 5 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:10:3:12:3 | [ForStmt] for (va ... OK } | semmle.label | 6 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:10:3:12:3 | [ForStmt] for (va ... OK } | semmle.order | 6 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:15:3:15:30 | [ExprStmt] arr.for ... nk(e)); | semmle.label | 7 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:15:3:15:30 | [ExprStmt] arr.for ... nk(e)); | semmle.order | 7 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:16:3:16:26 | [ExprStmt] arr.map ... nk(e)); | semmle.label | 8 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:16:3:16:26 | [ExprStmt] arr.map ... nk(e)); | semmle.order | 8 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:18:3:18:53 | [ExprStmt] [1, 2, ... nk(e)); | semmle.label | 9 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:18:3:18:53 | [ExprStmt] [1, 2, ... nk(e)); | semmle.order | 9 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:20:3:20:18 | [ExprStmt] sink(arr.pop()); | semmle.label | 10 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:20:3:20:18 | [ExprStmt] sink(arr.pop()); | semmle.order | 10 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:22:3:22:24 | [DeclStmt] var arr2 = ... | semmle.label | 11 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:22:3:22:24 | [DeclStmt] var arr2 = ... | semmle.order | 11 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:23:3:23:19 | [ExprStmt] sink(arr2.pop()); | semmle.label | 12 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:23:3:23:19 | [ExprStmt] sink(arr2.pop()); | semmle.order | 12 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:25:3:25:24 | [DeclStmt] var arr3 = ... | semmle.label | 13 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:25:3:25:24 | [DeclStmt] var arr3 = ... | semmle.order | 13 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:26:3:26:19 | [ExprStmt] sink(arr3.pop()); | semmle.label | 14 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:26:3:26:19 | [ExprStmt] sink(arr3.pop()); | semmle.order | 14 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:28:3:28:16 | [DeclStmt] var arr4 = ... | semmle.label | 15 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:28:3:28:16 | [DeclStmt] var arr4 = ... | semmle.order | 15 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:29:3:29:30 | [ExprStmt] arr4.sp ... urce"); | semmle.label | 16 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:29:3:29:30 | [ExprStmt] arr4.sp ... urce"); | semmle.order | 16 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:30:3:30:19 | [ExprStmt] sink(arr4.pop()); | semmle.label | 17 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:30:3:30:19 | [ExprStmt] sink(arr4.pop()); | semmle.order | 17 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:32:3:32:29 | [DeclStmt] var arr5 = ... | semmle.label | 18 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:32:3:32:29 | [DeclStmt] var arr5 = ... | semmle.order | 18 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:33:3:33:19 | [ExprStmt] sink(arr5.pop()); | semmle.label | 19 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:33:3:33:19 | [ExprStmt] sink(arr5.pop()); | semmle.order | 19 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:35:3:35:28 | [ExprStmt] sink(ar ... pop()); | semmle.label | 20 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:35:3:35:28 | [ExprStmt] sink(ar ... pop()); | semmle.order | 20 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:37:3:37:16 | [DeclStmt] var arr6 = ... | semmle.label | 21 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:37:3:37:16 | [DeclStmt] var arr6 = ... | semmle.order | 21 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:38:3:40:3 | [ForStmt] for (va ... i]; } | semmle.label | 22 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:38:3:40:3 | [ForStmt] for (va ... i]; } | semmle.order | 22 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:41:3:41:19 | [ExprStmt] sink(arr6.pop()); | semmle.label | 23 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:41:3:41:19 | [ExprStmt] sink(arr6.pop()); | semmle.order | 23 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:44:3:47:5 | [ExprStmt] ["sourc ... . }); | semmle.label | 24 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:44:3:47:5 | [ExprStmt] ["sourc ... . }); | semmle.order | 24 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:49:3:49:15 | [ExprStmt] sink(arr[0]); | semmle.label | 25 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:49:3:49:15 | [ExprStmt] sink(arr[0]); | semmle.order | 25 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:51:3:53:3 | [ForOfStmt] for (co ... OK } | semmle.label | 26 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:51:3:53:3 | [ForOfStmt] for (co ... OK } | semmle.order | 26 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:55:3:57:3 | [ForOfStmt] for (co ... OK } | semmle.label | 27 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:55:3:57:3 | [ForOfStmt] for (co ... OK } | semmle.order | 27 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:59:3:61:3 | [ForOfStmt] for (co ... OK } | semmle.label | 28 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:59:3:61:3 | [ForOfStmt] for (co ... OK } | semmle.order | 28 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:63:3:63:16 | [DeclStmt] var arr7 = ... | semmle.label | 29 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:63:3:63:16 | [DeclStmt] var arr7 = ... | semmle.order | 29 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:64:3:64:20 | [ExprStmt] arr7.push(...arr); | semmle.label | 30 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:64:3:64:20 | [ExprStmt] arr7.push(...arr); | semmle.order | 30 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:65:3:67:3 | [ForOfStmt] for (co ... OK } | semmle.label | 31 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:65:3:67:3 | [ForOfStmt] for (co ... OK } | semmle.order | 31 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:69:3:69:42 | [DeclStmt] const arrayFrom = ... | semmle.label | 32 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:69:3:69:42 | [DeclStmt] const arrayFrom = ... | semmle.order | 32 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:70:3:72:3 | [ForOfStmt] for (co ... OK } | semmle.label | 33 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:70:3:72:3 | [ForOfStmt] for (co ... OK } | semmle.order | 33 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:74:3:74:31 | [ExprStmt] sink(ar ... back)); | semmle.label | 34 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:74:3:74:31 | [ExprStmt] sink(ar ... back)); | semmle.order | 34 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:76:3:76:42 | [DeclStmt] const arrayFind = ... | semmle.label | 35 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:76:3:76:42 | [DeclStmt] const arrayFind = ... | semmle.order | 35 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:77:3:77:37 | [ExprStmt] sink(ar ... back)); | semmle.label | 36 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:77:3:77:37 | [ExprStmt] sink(ar ... back)); | semmle.order | 36 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:79:3:79:31 | [DeclStmt] const uniq = ... | semmle.label | 37 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:79:3:79:31 | [DeclStmt] const uniq = ... | semmle.order | 37 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:80:3:82:3 | [ForOfStmt] for (co ... OK } | semmle.label | 38 |
| arrays.js:1:14:83:1 | [BlockStmt] { let ... K } } | arrays.js:80:3:82:3 | [ForOfStmt] for (co ... OK } | semmle.order | 38 |
| arrays.js:2:3:2:24 | [DeclStmt] let source = ... | arrays.js:2:7:2:23 | [VariableDeclarator] source = "source" | semmle.label | 1 |
| arrays.js:2:3:2:24 | [DeclStmt] let source = ... | arrays.js:2:7:2:23 | [VariableDeclarator] source = "source" | semmle.order | 1 |
| arrays.js:2:7:2:23 | [VariableDeclarator] source = "source" | arrays.js:2:7:2:12 | [VarDecl] source | semmle.label | 1 |
@@ -872,6 +954,104 @@ edges
| arrays.js:66:5:66:11 | [CallExpr] sink(x) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:66:5:66:12 | [ExprStmt] sink(x); | arrays.js:66:5:66:11 | [CallExpr] sink(x) | semmle.label | 1 |
| arrays.js:66:5:66:12 | [ExprStmt] sink(x); | arrays.js:66:5:66:11 | [CallExpr] sink(x) | semmle.order | 1 |
| arrays.js:69:3:69:42 | [DeclStmt] const arrayFrom = ... | arrays.js:69:9:69:41 | [VariableDeclarator] arrayFr ... -from") | semmle.label | 1 |
| arrays.js:69:3:69:42 | [DeclStmt] const arrayFrom = ... | arrays.js:69:9:69:41 | [VariableDeclarator] arrayFr ... -from") | semmle.order | 1 |
| arrays.js:69:9:69:41 | [VariableDeclarator] arrayFr ... -from") | arrays.js:69:9:69:17 | [VarDecl] arrayFrom | semmle.label | 1 |
| arrays.js:69:9:69:41 | [VariableDeclarator] arrayFr ... -from") | arrays.js:69:9:69:17 | [VarDecl] arrayFrom | semmle.order | 1 |
| arrays.js:69:9:69:41 | [VariableDeclarator] arrayFr ... -from") | arrays.js:69:21:69:41 | [CallExpr] require ... -from") | semmle.label | 2 |
| arrays.js:69:9:69:41 | [VariableDeclarator] arrayFr ... -from") | arrays.js:69:21:69:41 | [CallExpr] require ... -from") | semmle.order | 2 |
| arrays.js:69:21:69:41 | [CallExpr] require ... -from") | arrays.js:69:21:69:27 | [VarRef] require | semmle.label | 0 |
| arrays.js:69:21:69:41 | [CallExpr] require ... -from") | arrays.js:69:21:69:27 | [VarRef] require | semmle.order | 0 |
| arrays.js:69:21:69:41 | [CallExpr] require ... -from") | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:69:21:69:41 | [CallExpr] require ... -from") | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:70:3:72:3 | [ForOfStmt] for (co ... OK } | arrays.js:70:8:70:14 | [DeclStmt] const x = ... | semmle.label | 1 |
| arrays.js:70:3:72:3 | [ForOfStmt] for (co ... OK } | arrays.js:70:8:70:14 | [DeclStmt] const x = ... | semmle.order | 1 |
| arrays.js:70:3:72:3 | [ForOfStmt] for (co ... OK } | arrays.js:70:19:70:32 | [CallExpr] arrayFrom(arr) | semmle.label | 2 |
| arrays.js:70:3:72:3 | [ForOfStmt] for (co ... OK } | arrays.js:70:19:70:32 | [CallExpr] arrayFrom(arr) | semmle.order | 2 |
| arrays.js:70:3:72:3 | [ForOfStmt] for (co ... OK } | arrays.js:70:35:72:3 | [BlockStmt] { s ... OK } | semmle.label | 3 |
| arrays.js:70:3:72:3 | [ForOfStmt] for (co ... OK } | arrays.js:70:35:72:3 | [BlockStmt] { s ... OK } | semmle.order | 3 |
| arrays.js:70:8:70:14 | [DeclStmt] const x = ... | arrays.js:70:14:70:14 | [VariableDeclarator] x | semmle.label | 1 |
| arrays.js:70:8:70:14 | [DeclStmt] const x = ... | arrays.js:70:14:70:14 | [VariableDeclarator] x | semmle.order | 1 |
| arrays.js:70:14:70:14 | [VariableDeclarator] x | arrays.js:70:14:70:14 | [VarDecl] x | semmle.label | 1 |
| arrays.js:70:14:70:14 | [VariableDeclarator] x | arrays.js:70:14:70:14 | [VarDecl] x | semmle.order | 1 |
| arrays.js:70:19:70:32 | [CallExpr] arrayFrom(arr) | arrays.js:70:19:70:27 | [VarRef] arrayFrom | semmle.label | 0 |
| arrays.js:70:19:70:32 | [CallExpr] arrayFrom(arr) | arrays.js:70:19:70:27 | [VarRef] arrayFrom | semmle.order | 0 |
| arrays.js:70:19:70:32 | [CallExpr] arrayFrom(arr) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:70:19:70:32 | [CallExpr] arrayFrom(arr) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:70:35:72:3 | [BlockStmt] { s ... OK } | arrays.js:71:5:71:12 | [ExprStmt] sink(x); | semmle.label | 1 |
| arrays.js:70:35:72:3 | [BlockStmt] { s ... OK } | arrays.js:71:5:71:12 | [ExprStmt] sink(x); | semmle.order | 1 |
| arrays.js:71:5:71:11 | [CallExpr] sink(x) | arrays.js:71:5:71:8 | [VarRef] sink | semmle.label | 0 |
| arrays.js:71:5:71:11 | [CallExpr] sink(x) | arrays.js:71:5:71:8 | [VarRef] sink | semmle.order | 0 |
| arrays.js:71:5:71:11 | [CallExpr] sink(x) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:71:5:71:11 | [CallExpr] sink(x) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:71:5:71:12 | [ExprStmt] sink(x); | arrays.js:71:5:71:11 | [CallExpr] sink(x) | semmle.label | 1 |
| arrays.js:71:5:71:12 | [ExprStmt] sink(x); | arrays.js:71:5:71:11 | [CallExpr] sink(x) | semmle.order | 1 |
| arrays.js:74:3:74:30 | [CallExpr] sink(ar ... lback)) | arrays.js:74:3:74:6 | [VarRef] sink | semmle.label | 0 |
| arrays.js:74:3:74:30 | [CallExpr] sink(ar ... lback)) | arrays.js:74:3:74:6 | [VarRef] sink | semmle.order | 0 |
| arrays.js:74:3:74:30 | [CallExpr] sink(ar ... lback)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:74:3:74:30 | [CallExpr] sink(ar ... lback)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:74:3:74:31 | [ExprStmt] sink(ar ... back)); | arrays.js:74:3:74:30 | [CallExpr] sink(ar ... lback)) | semmle.label | 1 |
| arrays.js:74:3:74:31 | [ExprStmt] sink(ar ... back)); | arrays.js:74:3:74:30 | [CallExpr] sink(ar ... lback)) | semmle.order | 1 |
| arrays.js:74:8:74:15 | [DotExpr] arr.find | arrays.js:74:8:74:10 | [VarRef] arr | semmle.label | 1 |
| arrays.js:74:8:74:15 | [DotExpr] arr.find | arrays.js:74:8:74:10 | [VarRef] arr | semmle.order | 1 |
| arrays.js:74:8:74:15 | [DotExpr] arr.find | arrays.js:74:12:74:15 | [Label] find | semmle.label | 2 |
| arrays.js:74:8:74:15 | [DotExpr] arr.find | arrays.js:74:12:74:15 | [Label] find | semmle.order | 2 |
| arrays.js:74:8:74:29 | [MethodCallExpr] arr.fin ... llback) | arrays.js:74:8:74:15 | [DotExpr] arr.find | semmle.label | 0 |
| arrays.js:74:8:74:29 | [MethodCallExpr] arr.fin ... llback) | arrays.js:74:8:74:15 | [DotExpr] arr.find | semmle.order | 0 |
| arrays.js:74:8:74:29 | [MethodCallExpr] arr.fin ... llback) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:74:8:74:29 | [MethodCallExpr] arr.fin ... llback) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:76:3:76:42 | [DeclStmt] const arrayFind = ... | arrays.js:76:9:76:41 | [VariableDeclarator] arrayFi ... -find") | semmle.label | 1 |
| arrays.js:76:3:76:42 | [DeclStmt] const arrayFind = ... | arrays.js:76:9:76:41 | [VariableDeclarator] arrayFi ... -find") | semmle.order | 1 |
| arrays.js:76:9:76:41 | [VariableDeclarator] arrayFi ... -find") | arrays.js:76:9:76:17 | [VarDecl] arrayFind | semmle.label | 1 |
| arrays.js:76:9:76:41 | [VariableDeclarator] arrayFi ... -find") | arrays.js:76:9:76:17 | [VarDecl] arrayFind | semmle.order | 1 |
| arrays.js:76:9:76:41 | [VariableDeclarator] arrayFi ... -find") | arrays.js:76:21:76:41 | [CallExpr] require ... -find") | semmle.label | 2 |
| arrays.js:76:9:76:41 | [VariableDeclarator] arrayFi ... -find") | arrays.js:76:21:76:41 | [CallExpr] require ... -find") | semmle.order | 2 |
| arrays.js:76:21:76:41 | [CallExpr] require ... -find") | arrays.js:76:21:76:27 | [VarRef] require | semmle.label | 0 |
| arrays.js:76:21:76:41 | [CallExpr] require ... -find") | arrays.js:76:21:76:27 | [VarRef] require | semmle.order | 0 |
| arrays.js:76:21:76:41 | [CallExpr] require ... -find") | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:76:21:76:41 | [CallExpr] require ... -find") | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:77:3:77:36 | [CallExpr] sink(ar ... lback)) | arrays.js:77:3:77:6 | [VarRef] sink | semmle.label | 0 |
| arrays.js:77:3:77:36 | [CallExpr] sink(ar ... lback)) | arrays.js:77:3:77:6 | [VarRef] sink | semmle.order | 0 |
| arrays.js:77:3:77:36 | [CallExpr] sink(ar ... lback)) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:77:3:77:36 | [CallExpr] sink(ar ... lback)) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:77:3:77:37 | [ExprStmt] sink(ar ... back)); | arrays.js:77:3:77:36 | [CallExpr] sink(ar ... lback)) | semmle.label | 1 |
| arrays.js:77:3:77:37 | [ExprStmt] sink(ar ... back)); | arrays.js:77:3:77:36 | [CallExpr] sink(ar ... lback)) | semmle.order | 1 |
| arrays.js:77:8:77:35 | [CallExpr] arrayFi ... llback) | arrays.js:77:8:77:16 | [VarRef] arrayFind | semmle.label | 0 |
| arrays.js:77:8:77:35 | [CallExpr] arrayFi ... llback) | arrays.js:77:8:77:16 | [VarRef] arrayFind | semmle.order | 0 |
| arrays.js:77:8:77:35 | [CallExpr] arrayFi ... llback) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:77:8:77:35 | [CallExpr] arrayFi ... llback) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:79:3:79:31 | [DeclStmt] const uniq = ... | arrays.js:79:9:79:30 | [VariableDeclarator] uniq = ... "uniq") | semmle.label | 1 |
| arrays.js:79:3:79:31 | [DeclStmt] const uniq = ... | arrays.js:79:9:79:30 | [VariableDeclarator] uniq = ... "uniq") | semmle.order | 1 |
| arrays.js:79:9:79:30 | [VariableDeclarator] uniq = ... "uniq") | arrays.js:79:9:79:12 | [VarDecl] uniq | semmle.label | 1 |
| arrays.js:79:9:79:30 | [VariableDeclarator] uniq = ... "uniq") | arrays.js:79:9:79:12 | [VarDecl] uniq | semmle.order | 1 |
| arrays.js:79:9:79:30 | [VariableDeclarator] uniq = ... "uniq") | arrays.js:79:16:79:30 | [CallExpr] require("uniq") | semmle.label | 2 |
| arrays.js:79:9:79:30 | [VariableDeclarator] uniq = ... "uniq") | arrays.js:79:16:79:30 | [CallExpr] require("uniq") | semmle.order | 2 |
| arrays.js:79:16:79:30 | [CallExpr] require("uniq") | arrays.js:79:16:79:22 | [VarRef] require | semmle.label | 0 |
| arrays.js:79:16:79:30 | [CallExpr] require("uniq") | arrays.js:79:16:79:22 | [VarRef] require | semmle.order | 0 |
| arrays.js:79:16:79:30 | [CallExpr] require("uniq") | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:79:16:79:30 | [CallExpr] require("uniq") | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:80:3:82:3 | [ForOfStmt] for (co ... OK } | arrays.js:80:8:80:14 | [DeclStmt] const x = ... | semmle.label | 1 |
| arrays.js:80:3:82:3 | [ForOfStmt] for (co ... OK } | arrays.js:80:8:80:14 | [DeclStmt] const x = ... | semmle.order | 1 |
| arrays.js:80:3:82:3 | [ForOfStmt] for (co ... OK } | arrays.js:80:19:80:27 | [CallExpr] uniq(arr) | semmle.label | 2 |
| arrays.js:80:3:82:3 | [ForOfStmt] for (co ... OK } | arrays.js:80:19:80:27 | [CallExpr] uniq(arr) | semmle.order | 2 |
| arrays.js:80:3:82:3 | [ForOfStmt] for (co ... OK } | arrays.js:80:30:82:3 | [BlockStmt] { s ... OK } | semmle.label | 3 |
| arrays.js:80:3:82:3 | [ForOfStmt] for (co ... OK } | arrays.js:80:30:82:3 | [BlockStmt] { s ... OK } | semmle.order | 3 |
| arrays.js:80:8:80:14 | [DeclStmt] const x = ... | arrays.js:80:14:80:14 | [VariableDeclarator] x | semmle.label | 1 |
| arrays.js:80:8:80:14 | [DeclStmt] const x = ... | arrays.js:80:14:80:14 | [VariableDeclarator] x | semmle.order | 1 |
| arrays.js:80:14:80:14 | [VariableDeclarator] x | arrays.js:80:14:80:14 | [VarDecl] x | semmle.label | 1 |
| arrays.js:80:14:80:14 | [VariableDeclarator] x | arrays.js:80:14:80:14 | [VarDecl] x | semmle.order | 1 |
| arrays.js:80:19:80:27 | [CallExpr] uniq(arr) | arrays.js:80:19:80:22 | [VarRef] uniq | semmle.label | 0 |
| arrays.js:80:19:80:27 | [CallExpr] uniq(arr) | arrays.js:80:19:80:22 | [VarRef] uniq | semmle.order | 0 |
| arrays.js:80:19:80:27 | [CallExpr] uniq(arr) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:80:19:80:27 | [CallExpr] uniq(arr) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:80:30:82:3 | [BlockStmt] { s ... OK } | arrays.js:81:5:81:12 | [ExprStmt] sink(x); | semmle.label | 1 |
| arrays.js:80:30:82:3 | [BlockStmt] { s ... OK } | arrays.js:81:5:81:12 | [ExprStmt] sink(x); | semmle.order | 1 |
| arrays.js:81:5:81:11 | [CallExpr] sink(x) | arrays.js:81:5:81:8 | [VarRef] sink | semmle.label | 0 |
| arrays.js:81:5:81:11 | [CallExpr] sink(x) | arrays.js:81:5:81:8 | [VarRef] sink | semmle.order | 0 |
| arrays.js:81:5:81:11 | [CallExpr] sink(x) | file://:0:0:0:0 | (Arguments) | semmle.label | 1 |
| arrays.js:81:5:81:11 | [CallExpr] sink(x) | file://:0:0:0:0 | (Arguments) | semmle.order | 1 |
| arrays.js:81:5:81:12 | [ExprStmt] sink(x); | arrays.js:81:5:81:11 | [CallExpr] sink(x) | semmle.label | 1 |
| arrays.js:81:5:81:12 | [ExprStmt] sink(x); | arrays.js:81:5:81:11 | [CallExpr] sink(x) | semmle.order | 1 |
| file://:0:0:0:0 | (Arguments) | arrays.js:5:8:5:14 | [DotExpr] obj.foo | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:5:8:5:14 | [DotExpr] obj.foo | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:8:12:8:17 | [VarRef] source | semmle.label | 0 |
@@ -936,6 +1116,30 @@ edges
| file://:0:0:0:0 | (Arguments) | arrays.js:64:13:64:18 | [SpreadElement] ...arr | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:66:10:66:10 | [VarRef] x | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:66:10:66:10 | [VarRef] x | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:69:29:69:40 | [Literal] "array-from" | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:69:29:69:40 | [Literal] "array-from" | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:70:29:70:31 | [VarRef] arr | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:70:29:70:31 | [VarRef] arr | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:71:10:71:10 | [VarRef] x | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:71:10:71:10 | [VarRef] x | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:74:8:74:29 | [MethodCallExpr] arr.fin ... llback) | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:74:8:74:29 | [MethodCallExpr] arr.fin ... llback) | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:74:17:74:28 | [VarRef] someCallback | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:74:17:74:28 | [VarRef] someCallback | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:76:29:76:40 | [Literal] "array-find" | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:76:29:76:40 | [Literal] "array-find" | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:77:8:77:35 | [CallExpr] arrayFi ... llback) | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:77:8:77:35 | [CallExpr] arrayFi ... llback) | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:77:18:77:20 | [VarRef] arr | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:77:18:77:20 | [VarRef] arr | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:77:23:77:34 | [VarRef] someCallback | semmle.label | 1 |
| file://:0:0:0:0 | (Arguments) | arrays.js:77:23:77:34 | [VarRef] someCallback | semmle.order | 1 |
| file://:0:0:0:0 | (Arguments) | arrays.js:79:24:79:29 | [Literal] "uniq" | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:79:24:79:29 | [Literal] "uniq" | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:80:24:80:26 | [VarRef] arr | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:80:24:80:26 | [VarRef] arr | semmle.order | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:81:10:81:10 | [VarRef] x | semmle.label | 0 |
| file://:0:0:0:0 | (Arguments) | arrays.js:81:10:81:10 | [VarRef] x | semmle.order | 0 |
| file://:0:0:0:0 | (Parameters) | arrays.js:15:16:15:16 | [SimpleParameter] e | semmle.label | 0 |
| file://:0:0:0:0 | (Parameters) | arrays.js:15:16:15:16 | [SimpleParameter] e | semmle.order | 0 |
| file://:0:0:0:0 | (Parameters) | arrays.js:16:12:16:12 | [SimpleParameter] e | semmle.label | 0 |


@@ -12,6 +12,10 @@ typeInferenceMismatch
| array-mutation.js:31:33:31:40 | source() | array-mutation.js:32:8:32:8 | h |
| array-mutation.js:35:36:35:43 | source() | array-mutation.js:36:8:36:8 | i |
| array-mutation.js:39:17:39:24 | source() | array-mutation.js:40:8:40:8 | j |
| arrays.js:2:15:2:22 | source() | arrays.js:5:10:5:20 | arrify(foo) |
| arrays.js:2:15:2:22 | source() | arrays.js:8:10:8:22 | arrayIfy(foo) |
| arrays.js:2:15:2:22 | source() | arrays.js:11:10:11:28 | union(["bla"], foo) |
| arrays.js:2:15:2:22 | source() | arrays.js:14:10:14:18 | flat(foo) |
| booleanOps.js:2:11:2:18 | source() | booleanOps.js:4:8:4:8 | x |
| booleanOps.js:2:11:2:18 | source() | booleanOps.js:13:10:13:10 | x |
| booleanOps.js:2:11:2:18 | source() | booleanOps.js:19:10:19:10 | x |
@@ -34,7 +38,17 @@ typeInferenceMismatch
| callbacks.js:51:18:51:25 | source() | callbacks.js:30:29:30:29 | y |
| callbacks.js:53:23:53:30 | source() | callbacks.js:58:10:58:10 | x |
| capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() |
| capture-flow.js:9:11:9:18 | source() | capture-flow.js:19:6:19:16 | outerMost() |
| capture-flow.js:31:14:31:21 | source() | capture-flow.js:31:6:31:22 | confuse(source()) |
| captured-sanitizer.js:25:3:25:10 | source() | captured-sanitizer.js:15:10:15:10 | x |
| case.js:2:16:2:23 | source() | case.js:5:8:5:35 | changeC ... source) |
| case.js:2:16:2:23 | source() | case.js:8:8:8:24 | camelCase(source) |
| case.js:2:16:2:23 | source() | case.js:11:8:11:24 | kebabCase(source) |
| case.js:2:16:2:23 | source() | case.js:12:8:12:32 | kebabCa ... source) |
| case.js:2:16:2:23 | source() | case.js:15:8:15:24 | titleCase(source) |
| case.js:2:16:2:23 | source() | case.js:18:8:18:23 | titleize(source) |
| case.js:2:16:2:23 | source() | case.js:21:8:21:26 | secondCamel(source) |
| case.js:2:16:2:23 | source() | case.js:24:8:24:25 | decamelize(source) |
| closure.js:6:15:6:22 | source() | closure.js:8:8:8:31 | string. ... (taint) |
| closure.js:6:15:6:22 | source() | closure.js:9:8:9:25 | string.trim(taint) |
| closure.js:6:15:6:22 | source() | closure.js:10:8:10:33 | string. ... nt, 50) |
@@ -90,6 +104,15 @@ typeInferenceMismatch
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:16:8:16:38 | require ... source) |
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:17:8:17:39 | require ... source) |
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:18:8:18:40 | require ... source) |
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:21:8:21:46 | new jso ... source) |
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:24:8:24:43 | json5.s ... ource)) |
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:27:8:27:47 | flatted ... ource)) |
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:30:8:30:49 | telepor ... ource)) |
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:34:8:34:51 | replica ... ource)) |
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:36:8:36:47 | require ... source) |
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:39:8:39:37 | jc.stri ... ource)) |
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:42:8:42:51 | JSON.st ... urce))) |
| json-stringify.js:2:16:2:23 | source() | json-stringify.js:45:8:45:23 | fastJson(source) |
| json-stringify.js:3:15:3:22 | source() | json-stringify.js:8:8:8:31 | jsonStr ... (taint) |
| nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x |
| nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y |


@@ -24,6 +24,8 @@
| callbacks.js:51:18:51:25 | source() | callbacks.js:30:29:30:29 | y |
| callbacks.js:53:23:53:30 | source() | callbacks.js:58:10:58:10 | x |
| capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() |
| capture-flow.js:9:11:9:18 | source() | capture-flow.js:19:6:19:16 | outerMost() |
| capture-flow.js:31:14:31:21 | source() | capture-flow.js:31:6:31:22 | confuse(source()) |
| captured-sanitizer.js:25:3:25:10 | source() | captured-sanitizer.js:15:10:15:10 | x |
| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:18:8:18:14 | c.taint |
| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:22:8:22:19 | c_safe.taint |


@@ -0,0 +1,15 @@
function test() {
var foo = source();
const arrify = require("arrify");
sink(arrify(foo)); // NOT OK
const arrayIfy = require("array-ify");
sink(arrayIfy(foo)); // NOT OK
const union = require("array-union");
sink(union(["bla"], foo)); // NOT OK
const flat = require("arr-flatten");
sink(flat(foo)); // NOT OK
}


@@ -16,4 +16,16 @@ function outerMost() {
return outer();
}
sink(outerMost()); // NOT OK - but missed
sink(outerMost()); // NOT OK
function confuse(x) {
let captured;
function f() {
captured = x;
}
f();
return captured;
}
sink(confuse('safe')); // OK
sink(confuse(source())); // NOT OK


@@ -0,0 +1,25 @@
function foo() {
let source = source();
const changeCase = require("change-case");
sink(changeCase.camelCase(source)); // NOT OK
import { camelCase } from "camel-case";
sink(camelCase(source)); // NOT OK
var kebabCase = require("kebab-case");
sink(kebabCase(source)); // NOT OK
sink(kebabCase.reverse(source)); // NOT OK
import { titleCase } from "title-case";
sink(titleCase(source)); // NOT OK
import titleize from 'titleize';
sink(titleize(source)); // NOT OK
const secondCamel = require('camelcase');
sink(secondCamel(source)); // NOT OK
const decamelize = require('decamelize');
sink(decamelize(source)); // NOT OK
}
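Review bot: The `import { camelCase } from "camel-case";` declaration, and the two later `import` lines, sit inside the body of `foo`, which is not valid ECMAScript (import declarations are only permitted at module top level), so this fixture only works if the extractor tolerates the parse error. Hoisting the three imports above `function foo()` keeps the same taint flows and makes the file parseable by a standard parser. The first statement, `let source = source();`, is also self-referential: at runtime it throws because `source` is read inside its own temporal dead zone, and the shadowing hides where the taint comes from; `let taint = source();` with the later uses renamed avoids both, though it shifts the column positions recorded in the `.expected` file.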


@@ -16,4 +16,31 @@ function foo() {
sink(require("util").inspect(source)); // NOT OK
sink(require("pretty-format")(source)); // NOT OK
sink(require("object-inspect")(source)); // NOT OK
const json2csv = require('json2csv');
sink(new json2csv.Parser(opts).parse(source)); // NOT OK
const json5 = require('json5');
sink(json5.stringify(json5.parse(source))); // NOT OK
const flatted = require('flatted');
sink(flatted.stringify(flatted.parse(source))); // NOT OK
const teleport = require('teleport-javascript');
sink(teleport.stringify(teleport.parse(source))); // NOT OK
const Replicator = require('replicator');
const replicator = new Replicator();
sink(replicator.encode(replicator.decode(source))); // NOT OK
sink(require("safe-stable-stringify")(source)); // NOT OK
const jc = require('json-cycle');
sink(jc.stringify(jc.parse(source))); // NOT OK
const stripper = require("strip-json-comments");
sink(JSON.stringify(JSON.parse(stripper(source)))); // NOT OK
const fastJson = require('fast-json-stringify');
sink(fastJson(source)); // NOT OK
}
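Review bot: `opts` in `sink(new json2csv.Parser(opts).parse(source)); // NOT OK` is not declared anywhere in the visible hunk; if it is not defined earlier in `foo` (whose start lies outside the hunk) the fixture references an undefined variable. Passing an explicit options object, `new json2csv.Parser({}).parse(source)`, would make the test self-contained without changing the flow being exercised.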


@@ -1285,6 +1285,136 @@ nodes
| TaintedPath.js:195:50:195:53 | path |
| TaintedPath.js:195:50:195:53 | path |
| TaintedPath.js:195:50:195:53 | path |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:38:203:44 | req.url |
| TaintedPath.js:203:38:203:44 | req.url |
| TaintedPath.js:203:38:203:44 | req.url |
| TaintedPath.js:203:38:203:44 | req.url |
| TaintedPath.js:203:38:203:44 | req.url |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url |
| TaintedPath.js:204:51:204:57 | req.url |
| TaintedPath.js:204:51:204:57 | req.url |
| TaintedPath.js:204:51:204:57 | req.url |
| TaintedPath.js:204:51:204:57 | req.url |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:44:206:50 | req.url |
| TaintedPath.js:206:44:206:50 | req.url |
| TaintedPath.js:206:44:206:50 | req.url |
| TaintedPath.js:206:44:206:50 | req.url |
| TaintedPath.js:206:44:206:50 | req.url |
| normalizedPaths.js:11:7:11:27 | path |
| normalizedPaths.js:11:7:11:27 | path |
| normalizedPaths.js:11:7:11:27 | path |
@@ -1843,6 +1973,29 @@ nodes
| normalizedPaths.js:363:21:363:31 | requestPath |
| normalizedPaths.js:363:21:363:31 | requestPath |
| normalizedPaths.js:363:21:363:31 | requestPath |
| normalizedPaths.js:377:7:377:27 | path |
| normalizedPaths.js:377:7:377:27 | path |
| normalizedPaths.js:377:7:377:27 | path |
| normalizedPaths.js:377:7:377:27 | path |
| normalizedPaths.js:377:14:377:27 | req.query.path |
| normalizedPaths.js:377:14:377:27 | req.query.path |
| normalizedPaths.js:377:14:377:27 | req.query.path |
| normalizedPaths.js:377:14:377:27 | req.query.path |
| normalizedPaths.js:377:14:377:27 | req.query.path |
| normalizedPaths.js:379:19:379:22 | path |
| normalizedPaths.js:379:19:379:22 | path |
| normalizedPaths.js:379:19:379:22 | path |
| normalizedPaths.js:379:19:379:22 | path |
| normalizedPaths.js:379:19:379:22 | path |
| normalizedPaths.js:381:19:381:29 | slash(path) |
| normalizedPaths.js:381:19:381:29 | slash(path) |
| normalizedPaths.js:381:19:381:29 | slash(path) |
| normalizedPaths.js:381:19:381:29 | slash(path) |
| normalizedPaths.js:381:19:381:29 | slash(path) |
| normalizedPaths.js:381:25:381:28 | path |
| normalizedPaths.js:381:25:381:28 | path |
| normalizedPaths.js:381:25:381:28 | path |
| normalizedPaths.js:381:25:381:28 | path |
| other-fs-libraries.js:9:7:9:48 | path |
| other-fs-libraries.js:9:7:9:48 | path |
| other-fs-libraries.js:9:7:9:48 | path |
@@ -2339,6 +2492,160 @@ nodes
| other-fs-libraries.js:59:39:59:42 | path |
| other-fs-libraries.js:59:39:59:42 | path |
| other-fs-libraries.js:59:39:59:42 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:24:68:30 | req.url |
| other-fs-libraries.js:68:24:68:30 | req.url |
| other-fs-libraries.js:68:24:68:30 | req.url |
| other-fs-libraries.js:68:24:68:30 | req.url |
| other-fs-libraries.js:68:24:68:30 | req.url |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:72:15:72:18 | path |
| prettier.js:6:11:6:28 | p |
| prettier.js:6:11:6:28 | p |
| prettier.js:6:11:6:28 | p |
@@ -5449,6 +5756,262 @@ edges
| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) |
| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) |
| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path |
| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path |
| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path |
@@ -6111,6 +6674,34 @@ edges
| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) |
| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) |
| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) |
| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path |
| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path |
| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path |
| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path |
| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path |
| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path |
| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path |
@@ -6815,6 +7406,70 @@ edges
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query |
| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query |
| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query |
@@ -6895,6 +7550,182 @@ edges
| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) |
| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) |
| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p |
| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p |
| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p |
@@ -8478,6 +9309,9 @@ edges
| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | This path depends on $@. | TaintedPath.js:166:24:166:30 | req.url | a user-provided value |
| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | This path depends on $@. | TaintedPath.js:166:24:166:30 | req.url | a user-provided value |
| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | This path depends on $@. | TaintedPath.js:166:24:166:30 | req.url | a user-provided value |
| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | This path depends on $@. | TaintedPath.js:203:38:203:44 | req.url | a user-provided value |
| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | This path depends on $@. | TaintedPath.js:204:51:204:57 | req.url | a user-provided value |
| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | This path depends on $@. | TaintedPath.js:206:44:206:50 | req.url | a user-provided value |
| normalizedPaths.js:13:19:13:22 | path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:13:19:13:22 | path | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
| normalizedPaths.js:14:19:14:29 | './' + path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:14:19:14:29 | './' + path | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
| normalizedPaths.js:15:19:15:38 | path + '/index.html' | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
@@ -8535,6 +9369,8 @@ edges
| normalizedPaths.js:346:19:346:22 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:346:19:346:22 | path | This path depends on $@. | normalizedPaths.js:339:32:339:45 | req.query.path | a user-provided value |
| normalizedPaths.js:356:19:356:22 | path | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:356:19:356:22 | path | This path depends on $@. | normalizedPaths.js:354:14:354:27 | req.query.path | a user-provided value |
| normalizedPaths.js:363:21:363:31 | requestPath | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:363:21:363:31 | requestPath | This path depends on $@. | normalizedPaths.js:354:14:354:27 | req.query.path | a user-provided value |
| normalizedPaths.js:379:19:379:22 | path | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:379:19:379:22 | path | This path depends on $@. | normalizedPaths.js:377:14:377:27 | req.query.path | a user-provided value |
| normalizedPaths.js:381:19:381:29 | slash(path) | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:381:19:381:29 | slash(path) | This path depends on $@. | normalizedPaths.js:377:14:377:27 | req.query.path | a user-provided value |
| other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
| other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
| other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
@@ -8552,6 +9388,11 @@ edges
| other-fs-libraries.js:55:36:55:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:55:36:55:39 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
| other-fs-libraries.js:57:46:57:49 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:57:46:57:49 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
| other-fs-libraries.js:59:39:59:42 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:59:39:59:42 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
| other-fs-libraries.js:62:43:62:46 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:62:43:62:46 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
| other-fs-libraries.js:63:51:63:54 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:63:51:63:54 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
| other-fs-libraries.js:70:19:70:22 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:70:19:70:22 | path | This path depends on $@. | other-fs-libraries.js:68:24:68:30 | req.url | a user-provided value |
| other-fs-libraries.js:71:10:71:13 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:71:10:71:13 | path | This path depends on $@. | other-fs-libraries.js:68:24:68:30 | req.url | a user-provided value |
| other-fs-libraries.js:72:15:72:18 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:72:15:72:18 | path | This path depends on $@. | other-fs-libraries.js:68:24:68:30 | req.url | a user-provided value |
| prettier.js:7:28:7:28 | p | prettier.js:6:13:6:13 | p | prettier.js:7:28:7:28 | p | This path depends on $@. | prettier.js:6:13:6:13 | p | a user-provided value |
| prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on $@. | prettier.js:6:13:6:13 | p | a user-provided value |
| pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | a user-provided value |


@@ -193,4 +193,15 @@ var server = http.createServer(function(req, res) {
res.write(fs.readFileSync("prefix" + path.replace(/^(\.\.[\/\\])+/, ''))); // NOT OK - not normalized
res.write(fs.readFileSync(pathModule.normalize(path).replace(/^(\.\.[\/\\])+/, ''))); // NOT OK (can be absolute)
});
import normalizeUrl from 'normalize-url';
var server = http.createServer(function(req, res) {
// tests for a few more uri-libraries
const qs = require("qs");
res.write(fs.readFileSync(qs.parse(req.url).foo)); // NOT OK
res.write(fs.readFileSync(qs.parse(normalizeUrl(req.url)).foo)); // NOT OK
const parseqs = require("parseqs");
res.write(fs.readFileSync(parseqs.decode(req.url).foo)); // NOT OK
});
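Review bot: The `import normalizeUrl from 'normalize-url'` declaration sits between two `http.createServer` calls in a file that otherwise pulls libraries in with `require` (`const qs = require("qs")` a few lines below); ES import declarations are hoisted and conventionally grouped at the top of the module, so the mid-file placement and the mixed module styles in one handler read as accidental rather than as a deliberate test of both forms. The same placement appears in the normalizedPaths.js section with `import slash from 'slash'`. If the mix is intentional, a one-line comment such as `// deliberately mixes an ESM import with require() in one handler` would keep the next editor from "fixing" it. The new handler also carries only `// NOT OK` cases; one constant input that should stay silent, e.g. `res.write(fs.readFileSync(qs.parse("foo=bar").foo)); // OK`, would guard the query against false positives on the same sinks.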


@@ -370,4 +370,13 @@ app.get('/yet-another-prefix2', (req, res) => {
function allowPath(requestPath, rootPath) {
return requestPath.indexOf(rootPath) === 0;
}
});
import slash from 'slash';
app.get('/slash-stuff', (req, res) => {
let path = req.query.path;
fs.readFileSync(path); // NOT OK
fs.readFileSync(slash(path)); // NOT OK
});


@@ -57,4 +57,17 @@ http.createServer(function(req, res) {
require('util.promisify')(fs.readFileSync)(path); // NOT OK
require("thenify")(fs.readFileSync)(path); // NOT OK
const readPkg = require('read-pkg');
var pkg = readPkg.readPackageSync({cwd: path}); // NOT OK
var pkgPromise = readPkg.readPackageAsync({cwd: path}); // NOT OK
});
const mkdirp = require("mkdirp");
http.createServer(function(req, res) {
var path = url.parse(req.url, true).query.path;
fs.readFileSync(path); // NOT OK
mkdirp(path); // NOT OK
mkdirp.sync(path); // NOT OK
});


@@ -374,6 +374,13 @@ nodes
| string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href |
| string-manipulations.js:10:23:10:44 | documen ... on.href |
| tooltip.jsx:6:11:6:30 | source |
| tooltip.jsx:6:20:6:30 | window.name |
| tooltip.jsx:6:20:6:30 | window.name |
| tooltip.jsx:10:25:10:30 | source |
| tooltip.jsx:10:25:10:30 | source |
| tooltip.jsx:11:25:11:30 | source |
| tooltip.jsx:11:25:11:30 | source |
| translate.js:6:7:6:39 | target |
| translate.js:6:16:6:39 | documen ... .search |
| translate.js:6:16:6:39 | documen ... .search |
@@ -684,6 +691,14 @@ nodes
| tst.js:444:44:444:49 | source |
| tst.js:445:32:445:37 | source |
| tst.js:445:32:445:37 | source |
| tst.js:453:7:453:39 | source |
| tst.js:453:16:453:39 | documen ... .search |
| tst.js:453:16:453:39 | documen ... .search |
| tst.js:455:18:455:23 | source |
| tst.js:455:18:455:23 | source |
| tst.js:456:18:456:42 | ansiToH ... source) |
| tst.js:456:18:456:42 | ansiToH ... source) |
| tst.js:456:36:456:41 | source |
| typeahead.js:20:13:20:45 | target |
| typeahead.js:20:22:20:45 | documen ... .search |
| typeahead.js:20:22:20:45 | documen ... .search |
@@ -1077,6 +1092,12 @@ edges
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source |
| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source |
| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source |
| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target |
| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target |
| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target |
@@ -1341,6 +1362,13 @@ edges
| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source |
| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source |
| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source |
| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source |
| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source |
| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source |
| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source |
| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source |
| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) |
| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) |
| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target |
| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target |
| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target |
@@ -1483,6 +1511,8 @@ edges
| string-manipulations.js:8:16:8:48 | documen ... mLeft() | string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | Cross-site scripting vulnerability due to $@. | string-manipulations.js:8:16:8:37 | documen ... on.href | user-provided value |
| string-manipulations.js:9:16:9:58 | String. ... n.href) | string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:9:36:9:57 | documen ... on.href | user-provided value |
| string-manipulations.js:10:16:10:45 | String( ... n.href) | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:10:23:10:44 | documen ... on.href | user-provided value |
| tooltip.jsx:10:25:10:30 | source | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:10:25:10:30 | source | Cross-site scripting vulnerability due to $@. | tooltip.jsx:6:20:6:30 | window.name | user-provided value |
| tooltip.jsx:11:25:11:30 | source | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:11:25:11:30 | source | Cross-site scripting vulnerability due to $@. | tooltip.jsx:6:20:6:30 | window.name | user-provided value |
| translate.js:9:27:9:50 | searchP ... 'term') | translate.js:6:16:6:39 | documen ... .search | translate.js:9:27:9:50 | searchP ... 'term') | Cross-site scripting vulnerability due to $@. | translate.js:6:16:6:39 | documen ... .search | user-provided value |
| tst3.js:4:25:4:32 | data.src | tst3.js:2:42:2:63 | window. ... .search | tst3.js:4:25:4:32 | data.src | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value |
| tst3.js:5:26:5:31 | data.p | tst3.js:2:42:2:63 | window. ... .search | tst3.js:5:26:5:31 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value |
@@ -1566,6 +1596,8 @@ edges
| tst.js:443:41:443:46 | source | tst.js:436:15:436:38 | documen ... .search | tst.js:443:41:443:46 | source | Cross-site scripting vulnerability due to $@. | tst.js:436:15:436:38 | documen ... .search | user-provided value |
| tst.js:444:44:444:49 | source | tst.js:436:15:436:38 | documen ... .search | tst.js:444:44:444:49 | source | Cross-site scripting vulnerability due to $@. | tst.js:436:15:436:38 | documen ... .search | user-provided value |
| tst.js:445:32:445:37 | source | tst.js:436:15:436:38 | documen ... .search | tst.js:445:32:445:37 | source | Cross-site scripting vulnerability due to $@. | tst.js:436:15:436:38 | documen ... .search | user-provided value |
| tst.js:455:18:455:23 | source | tst.js:453:16:453:39 | documen ... .search | tst.js:455:18:455:23 | source | Cross-site scripting vulnerability due to $@. | tst.js:453:16:453:39 | documen ... .search | user-provided value |
| tst.js:456:18:456:42 | ansiToH ... source) | tst.js:453:16:453:39 | documen ... .search | tst.js:456:18:456:42 | ansiToH ... source) | Cross-site scripting vulnerability due to $@. | tst.js:453:16:453:39 | documen ... .search | user-provided value |
| typeahead.js:25:18:25:20 | val | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:25:18:25:20 | val | Cross-site scripting vulnerability due to $@. | typeahead.js:20:22:20:45 | documen ... .search | user-provided value |
| v-html.vue:2:8:2:23 | v-html=tainted | v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | Cross-site scripting vulnerability due to $@. | v-html.vue:6:42:6:58 | document.location | user-provided value |
| various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value |


@@ -381,6 +381,13 @@ nodes
| string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href |
| string-manipulations.js:10:23:10:44 | documen ... on.href |
| tooltip.jsx:6:11:6:30 | source |
| tooltip.jsx:6:20:6:30 | window.name |
| tooltip.jsx:6:20:6:30 | window.name |
| tooltip.jsx:10:25:10:30 | source |
| tooltip.jsx:10:25:10:30 | source |
| tooltip.jsx:11:25:11:30 | source |
| tooltip.jsx:11:25:11:30 | source |
| translate.js:6:7:6:39 | target |
| translate.js:6:16:6:39 | documen ... .search |
| translate.js:6:16:6:39 | documen ... .search |
@@ -691,6 +698,14 @@ nodes
| tst.js:444:44:444:49 | source |
| tst.js:445:32:445:37 | source |
| tst.js:445:32:445:37 | source |
| tst.js:453:7:453:39 | source |
| tst.js:453:16:453:39 | documen ... .search |
| tst.js:453:16:453:39 | documen ... .search |
| tst.js:455:18:455:23 | source |
| tst.js:455:18:455:23 | source |
| tst.js:456:18:456:42 | ansiToH ... source) |
| tst.js:456:18:456:42 | ansiToH ... source) |
| tst.js:456:36:456:41 | source |
| typeahead.js:9:28:9:30 | loc |
| typeahead.js:9:28:9:30 | loc |
| typeahead.js:10:16:10:18 | loc |
@@ -1101,6 +1116,12 @@ edges
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source |
| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source |
| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source |
| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source |
| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target |
| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target |
| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target |
@@ -1365,6 +1386,13 @@ edges
| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source |
| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source |
| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source |
| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source |
| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source |
| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source |
| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source |
| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source |
| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) |
| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) |
| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |


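--- /dev/null
+++ b/tooltip.jsx
@@ -0,0 +1,14 @@
+import React from 'react';
+import ReactDOM from 'react-dom';
+import ReactTooltip from 'react-tooltip';
+function tooltips() {
+const source = window.name;
+return <span>
+<span data-tip={source}/> // OK
+<span data-tip={source} data-html={false} /> // OK
+<span data-tip={source} data-html="true" /> // NOT OK
+<span data-tip={source} data-html={true} /> // NOT OK
+<ReactTooltip />
+</span>
+}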
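Review bot: The `// OK` and `// NOT OK` annotations on the four `<span data-tip=...>` lines are placed inside the JSX returned by `tooltips()`, where JSX treats them as text children of the outer `<span>` rather than as comments, so the markers would render as literal "// OK" text and do not read as annotations to anyone used to JSX. Use JSX comment syntax, e.g. `<span data-tip={source} data-html="true" /> {/* NOT OK */}`, for each of the four lines. The unused `ReactDOM` import could also be dropped unless it is needed to trigger React detection.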


@@ -444,3 +444,14 @@ function mootools(){
new Element("div").setProperties({"html": source}); // NOT OK
new Element("div").appendHtml(source); // NOT OK
}
const Convert = require('ansi-to-html');
const ansiToHtml = new Convert();
function ansiToHTML() {
var source = document.location.search;
$("#foo").html(source); // NOT OK
$("#foo").html(ansiToHtml.toHtml(source)); // NOT OK
}
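Review bot: `ansiToHtml.toHtml(source)` is only exercised with a default `new Convert()`; ansi-to-html has an `escapeXML` option that, if I recall correctly, defaults to off and when enabled escapes markup in the input, so a second converter such as `const ansiToHtmlEscaped = new Convert({escapeXML: true});` with `$("#foo").html(ansiToHtmlEscaped.toHtml(source));` would pin down whether the model treats that configuration as sanitizing or still flags it. The `// NOT OK` on the existing line would also benefit from stating the reason, e.g. `// NOT OK - default Convert does not escape markup in its input`.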


@@ -190,6 +190,30 @@ nodes
| tst2.js:49:36:49:36 | p |
| tst2.js:51:12:51:17 | unsafe |
| tst2.js:51:12:51:17 | unsafe |
| tst2.js:57:7:57:24 | p |
| tst2.js:57:9:57:9 | p |
| tst2.js:57:9:57:9 | p |
| tst2.js:60:11:60:11 | p |
| tst2.js:63:12:63:12 | p |
| tst2.js:63:12:63:12 | p |
| tst2.js:64:12:64:18 | other.p |
| tst2.js:64:12:64:18 | other.p |
| tst2.js:69:7:69:24 | p |
| tst2.js:69:9:69:9 | p |
| tst2.js:69:9:69:9 | p |
| tst2.js:72:11:72:11 | p |
| tst2.js:75:12:75:12 | p |
| tst2.js:75:12:75:12 | p |
| tst2.js:76:12:76:18 | other.p |
| tst2.js:76:12:76:18 | other.p |
| tst2.js:82:7:82:24 | p |
| tst2.js:82:9:82:9 | p |
| tst2.js:82:9:82:9 | p |
| tst2.js:85:11:85:11 | p |
| tst2.js:88:12:88:12 | p |
| tst2.js:88:12:88:12 | p |
| tst2.js:89:12:89:18 | other.p |
| tst2.js:89:12:89:18 | other.p |
| tst3.js:5:7:5:24 | p |
| tst3.js:5:9:5:9 | p |
| tst3.js:5:9:5:9 | p |
@@ -359,6 +383,27 @@ edges
| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe |
| tst2.js:49:16:49:53 | seriali ... true}) | tst2.js:49:7:49:53 | unsafe |
| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) |
| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p |
| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p |
| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p |
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p |
| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p |
| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p |
@@ -412,5 +457,11 @@ edges
| tst2.js:36:12:36:12 | p | tst2.js:30:9:30:9 | p | tst2.js:36:12:36:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
| tst2.js:37:12:37:18 | other.p | tst2.js:30:9:30:9 | p | tst2.js:37:12:37:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
| tst2.js:51:12:51:17 | unsafe | tst2.js:43:9:43:9 | p | tst2.js:51:12:51:17 | unsafe | Cross-site scripting vulnerability due to $@. | tst2.js:43:9:43:9 | p | user-provided value |
| tst2.js:63:12:63:12 | p | tst2.js:57:9:57:9 | p | tst2.js:63:12:63:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst2.js:64:12:64:18 | other.p | tst2.js:57:9:57:9 | p | tst2.js:64:12:64:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst2.js:75:12:75:12 | p | tst2.js:69:9:69:9 | p | tst2.js:75:12:75:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
| tst2.js:76:12:76:18 | other.p | tst2.js:69:9:69:9 | p | tst2.js:76:12:76:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
| tst2.js:88:12:88:12 | p | tst2.js:82:9:82:9 | p | tst2.js:88:12:88:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
| tst2.js:89:12:89:18 | other.p | tst2.js:82:9:82:9 | p | tst2.js:89:12:89:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
| tst3.js:6:12:6:12 | p | tst3.js:5:9:5:9 | p | tst3.js:6:12:6:12 | p | Cross-site scripting vulnerability due to $@. | tst3.js:5:9:5:9 | p | user-provided value |
| tst3.js:12:12:12:15 | code | tst3.js:11:32:11:39 | reg.body | tst3.js:12:12:12:15 | code | Cross-site scripting vulnerability due to $@. | tst3.js:11:32:11:39 | reg.body | user-provided value |


@@ -40,5 +40,11 @@
| tst2.js:36:12:36:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
| tst2.js:37:12:37:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
| tst2.js:51:12:51:17 | unsafe | Cross-site scripting vulnerability due to $@. | tst2.js:43:9:43:9 | p | user-provided value |
| tst2.js:63:12:63:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst2.js:64:12:64:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
| tst2.js:75:12:75:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
| tst2.js:76:12:76:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
| tst2.js:88:12:88:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
| tst2.js:89:12:89:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
| tst3.js:6:12:6:12 | p | Cross-site scripting vulnerability due to $@. | tst3.js:5:9:5:9 | p | user-provided value |
| tst3.js:12:12:12:15 | code | Cross-site scripting vulnerability due to $@. | tst3.js:11:32:11:39 | reg.body | user-provided value |


@@ -49,4 +49,42 @@ app.get('/baz', function(req, res) {
var unsafe = serializeJavaScript(p, {unsafe: true});
res.send(unsafe); // NOT OK
});
const fclone = require('fclone');
app.get('/baz', function(req, res) {
let { p } = req.params;
var obj = {};
obj.p = p;
var other = fclone(obj);
res.send(p); // NOT OK
res.send(other.p); // NOT OK
});
const jc = require('json-cycle');
app.get('/baz', function(req, res) {
let { p } = req.params;
var obj = {};
obj.p = p;
var other = jc.retrocycle(jc.decycle(obj));
res.send(p); // NOT OK
res.send(other.p); // NOT OK
});
const sortKeys = require('sort-keys');
app.get('/baz', function(req, res) {
let { p } = req.params;
var obj = {};
obj.p = p;
var other = sortKeys(obj);
res.send(p); // NOT OK
res.send(other.p); // NOT OK
});
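Review bot: All three new handlers register the same route `app.get('/baz', ...)`, which the preceding handler in the hunk header also uses, so at runtime only the first registered `/baz` handler would ever answer and a reader cannot tell the cases apart by path. Distinct paths such as `app.get('/fclone', ...)`, `app.get('/json-cycle', ...)` and `app.get('/sort-keys', ...)` would make each expected-output row self-describing. Each handler also destructures `p` from `req.params` on a route that declares no `:p` parameter, so if the route strings are changed anyway, `app.get('/fclone/:p', ...)` would make the taint source realistic.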


@@ -97,6 +97,9 @@ nodes
| module.js:9:16:9:29 | req.query.code |
| module.js:9:16:9:29 | req.query.code |
| module.js:9:16:9:29 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:7:17:7:33 | req.param("code") |
@@ -221,6 +224,7 @@ edges
| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") |
| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") |
| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code |
| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
@@ -305,6 +309,7 @@ edges
| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | $@ flows to here and is interpreted as code. | express.js:19:37:19:70 | req.par ... odule") | User-provided value |
| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | $@ flows to here and is interpreted as code. | express.js:21:19:21:48 | req.par ... ntext") | User-provided value |
| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | $@ flows to here and is interpreted as code. | module.js:9:16:9:29 | req.query.code | User-provided value |
| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | $@ flows to here and is interpreted as code. | module.js:11:17:11:30 | req.query.code | User-provided value |
| react-native.js:8:32:8:38 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:32:8:38 | tainted | $@ flows to here and is interpreted as code. | react-native.js:7:17:7:33 | req.param("code") | User-provided value |
| react-native.js:10:23:10:29 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:10:23:10:29 | tainted | $@ flows to here and is interpreted as code. | react-native.js:7:17:7:33 | req.param("code") | User-provided value |
| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | $@ flows to here and is interpreted as code. | react.js:10:56:10:77 | documen ... on.hash | User-provided value |


@@ -101,6 +101,9 @@ nodes
| module.js:9:16:9:29 | req.query.code |
| module.js:9:16:9:29 | req.query.code |
| module.js:9:16:9:29 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| module.js:11:17:11:30 | req.query.code |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:7:17:7:33 | req.param("code") |
@@ -229,6 +232,7 @@ edges
| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") |
| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") |
| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code |
| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |


@@ -7,4 +7,6 @@ app.get('/some/path', function (req, res) {
let filename = req.query.filename;
var m = new Module(filename, module.parent);
m._compile(req.query.code, filename); // NOT OK
var m2 = new module.constructor;
m2._compile(req.query.code, filename); // NOT OK
});
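Review bot: `var m2 = new module.constructor;` omits both the argument list and the `(filename, module.parent)` arguments that the `new Module(...)` case two lines above passes, so the two cases are not parallel and it is unclear whether the omission is deliberate or whether the point is just that `module.constructor` resolves to `Module`. Either mirror the first case with `var m2 = new module.constructor(filename, module.parent);` or state the intent on the sink line, e.g. `m2._compile(req.query.code, filename); // NOT OK - module.constructor is Module`. The enclosing `app.get` callback starts before this hunk.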


@@ -65,24 +65,35 @@ nodes
| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) |
| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) |
| logInjectionBad.js:58:50:58:57 | username |
| logInjectionBad.js:64:9:64:36 | q |
| logInjectionBad.js:64:13:64:36 | url.par ... , true) |
| logInjectionBad.js:64:23:64:29 | req.url |
| logInjectionBad.js:64:23:64:29 | req.url |
| logInjectionBad.js:65:9:65:35 | username |
| logInjectionBad.js:65:20:65:20 | q |
| logInjectionBad.js:65:20:65:26 | q.query |
| logInjectionBad.js:65:20:65:35 | q.query.username |
| logInjectionBad.js:67:15:67:22 | username |
| logInjectionBad.js:67:15:67:22 | username |
| logInjectionBad.js:74:30:74:37 | username |
| logInjectionBad.js:74:30:74:37 | username |
| logInjectionBad.js:83:26:83:33 | username |
| logInjectionBad.js:83:26:83:33 | username |
| logInjectionBad.js:63:9:63:36 | q |
| logInjectionBad.js:63:13:63:36 | url.par ... , true) |
| logInjectionBad.js:63:23:63:29 | req.url |
| logInjectionBad.js:63:23:63:29 | req.url |
| logInjectionBad.js:64:9:64:35 | username |
| logInjectionBad.js:64:20:64:20 | q |
| logInjectionBad.js:64:20:64:26 | q.query |
| logInjectionBad.js:64:20:64:35 | q.query.username |
| logInjectionBad.js:66:17:66:43 | prettyj ... ername) |
| logInjectionBad.js:66:17:66:43 | prettyj ... ername) |
| logInjectionBad.js:66:35:66:42 | username |
| logInjectionBad.js:72:9:72:36 | q |
| logInjectionBad.js:72:13:72:36 | url.par ... , true) |
| logInjectionBad.js:72:23:72:29 | req.url |
| logInjectionBad.js:72:23:72:29 | req.url |
| logInjectionBad.js:73:9:73:35 | username |
| logInjectionBad.js:73:20:73:20 | q |
| logInjectionBad.js:73:20:73:26 | q.query |
| logInjectionBad.js:73:20:73:35 | q.query.username |
| logInjectionBad.js:75:15:75:22 | username |
| logInjectionBad.js:75:15:75:22 | username |
| logInjectionBad.js:82:30:82:37 | username |
| logInjectionBad.js:82:30:82:37 | username |
| logInjectionBad.js:91:26:91:33 | username |
| logInjectionBad.js:91:26:91:33 | username |
| logInjectionBad.js:105:37:105:44 | username |
| logInjectionBad.js:105:37:105:44 | username |
| logInjectionBad.js:99:26:99:33 | username |
| logInjectionBad.js:99:26:99:33 | username |
| logInjectionBad.js:113:37:113:44 | username |
| logInjectionBad.js:113:37:113:44 | username |
edges
| logInjectionBad.js:19:9:19:36 | q | logInjectionBad.js:20:20:20:20 | q |
| logInjectionBad.js:19:13:19:36 | url.par ... , true) | logInjectionBad.js:19:9:19:36 | q |
@@ -148,23 +159,33 @@ edges
| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) |
| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) |
| logInjectionBad.js:58:50:58:57 | username | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) |
| logInjectionBad.js:64:9:64:36 | q | logInjectionBad.js:65:20:65:20 | q |
| logInjectionBad.js:64:13:64:36 | url.par ... , true) | logInjectionBad.js:64:9:64:36 | q |
| logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:64:13:64:36 | url.par ... , true) |
| logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:64:13:64:36 | url.par ... , true) |
| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:67:15:67:22 | username |
| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:67:15:67:22 | username |
| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:74:30:74:37 | username |
| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:74:30:74:37 | username |
| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:83:26:83:33 | username |
| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:83:26:83:33 | username |
| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:91:26:91:33 | username |
| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:91:26:91:33 | username |
| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:105:37:105:44 | username |
| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:105:37:105:44 | username |
| logInjectionBad.js:65:20:65:20 | q | logInjectionBad.js:65:20:65:26 | q.query |
| logInjectionBad.js:65:20:65:26 | q.query | logInjectionBad.js:65:20:65:35 | q.query.username |
| logInjectionBad.js:65:20:65:35 | q.query.username | logInjectionBad.js:65:9:65:35 | username |
| logInjectionBad.js:63:9:63:36 | q | logInjectionBad.js:64:20:64:20 | q |
| logInjectionBad.js:63:13:63:36 | url.par ... , true) | logInjectionBad.js:63:9:63:36 | q |
| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) |
| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) |
| logInjectionBad.js:64:9:64:35 | username | logInjectionBad.js:66:35:66:42 | username |
| logInjectionBad.js:64:20:64:20 | q | logInjectionBad.js:64:20:64:26 | q.query |
| logInjectionBad.js:64:20:64:26 | q.query | logInjectionBad.js:64:20:64:35 | q.query.username |
| logInjectionBad.js:64:20:64:35 | q.query.username | logInjectionBad.js:64:9:64:35 | username |
| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) |
| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) |
| logInjectionBad.js:72:9:72:36 | q | logInjectionBad.js:73:20:73:20 | q |
| logInjectionBad.js:72:13:72:36 | url.par ... , true) | logInjectionBad.js:72:9:72:36 | q |
| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) |
| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:82:30:82:37 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:82:30:82:37 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:91:26:91:33 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:91:26:91:33 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:99:26:99:33 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:99:26:99:33 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:113:37:113:44 | username |
| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:113:37:113:44 | username |
| logInjectionBad.js:73:20:73:20 | q | logInjectionBad.js:73:20:73:26 | q.query |
| logInjectionBad.js:73:20:73:26 | q.query | logInjectionBad.js:73:20:73:35 | q.query.username |
| logInjectionBad.js:73:20:73:35 | q.query.username | logInjectionBad.js:73:9:73:35 | username |
#select
| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | $@ flows to log entry. | logInjectionBad.js:19:23:19:29 | req.url | User-provided value |
| logInjectionBad.js:23:37:23:44 | username | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:23:37:23:44 | username | $@ flows to log entry. | logInjectionBad.js:19:23:19:29 | req.url | User-provided value |
@@ -181,8 +202,9 @@ edges
| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | $@ flows to log entry. | logInjectionBad.js:46:23:46:29 | req.url | User-provided value |
| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | $@ flows to log entry. | logInjectionBad.js:46:23:46:29 | req.url | User-provided value |
| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | $@ flows to log entry. | logInjectionBad.js:46:23:46:29 | req.url | User-provided value |
| logInjectionBad.js:67:15:67:22 | username | logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:67:15:67:22 | username | $@ flows to log entry. | logInjectionBad.js:64:23:64:29 | req.url | User-provided value |
| logInjectionBad.js:74:30:74:37 | username | logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:74:30:74:37 | username | $@ flows to log entry. | logInjectionBad.js:64:23:64:29 | req.url | User-provided value |
| logInjectionBad.js:83:26:83:33 | username | logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:83:26:83:33 | username | $@ flows to log entry. | logInjectionBad.js:64:23:64:29 | req.url | User-provided value |
| logInjectionBad.js:91:26:91:33 | username | logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:91:26:91:33 | username | $@ flows to log entry. | logInjectionBad.js:64:23:64:29 | req.url | User-provided value |
| logInjectionBad.js:105:37:105:44 | username | logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:105:37:105:44 | username | $@ flows to log entry. | logInjectionBad.js:64:23:64:29 | req.url | User-provided value |
| logInjectionBad.js:66:17:66:43 | prettyj ... ername) | logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | $@ flows to log entry. | logInjectionBad.js:63:23:63:29 | req.url | User-provided value |
| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:75:15:75:22 | username | $@ flows to log entry. | logInjectionBad.js:72:23:72:29 | req.url | User-provided value |
| logInjectionBad.js:82:30:82:37 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:82:30:82:37 | username | $@ flows to log entry. | logInjectionBad.js:72:23:72:29 | req.url | User-provided value |
| logInjectionBad.js:91:26:91:33 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:91:26:91:33 | username | $@ flows to log entry. | logInjectionBad.js:72:23:72:29 | req.url | User-provided value |
| logInjectionBad.js:99:26:99:33 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:99:26:99:33 | username | $@ flows to log entry. | logInjectionBad.js:72:23:72:29 | req.url | User-provided value |
| logInjectionBad.js:113:37:113:44 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:113:37:113:44 | username | $@ flows to log entry. | logInjectionBad.js:72:23:72:29 | req.url | User-provided value |


@@ -58,12 +58,20 @@ const server2 = http.createServer((req, res) => {
console.log(stripAnsi(chalk.underline.bgBlue(username))); // NOT OK
});
const pino = require('pino')()
var prettyjson = require('prettyjson');
const server3 = http.createServer((req, res) => {
let q = url.parse(req.url, true);
let username = q.query.username;
console.log(prettyjson.render(username)); // NOT OK
});
const pino = require('pino')()
const server4 = http.createServer((req, res) => {
let q = url.parse(req.url, true);
let username = q.query.username;
pino.info(username); // NOT OK
function fastify() {
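Review bot: `var prettyjson = require('prettyjson');` breaks with the `const` used for the neighbouring requires in this hunk (`const pino = require('pino')()`, `const server3`/`server4`); `const prettyjson = require('prettyjson');` keeps the file's declaration style consistent. The `// NOT OK` on `console.log(prettyjson.render(username));` would be clearer with the reason the wrapper is not a sanitizer, presumably that it only formats and colours its input without removing newlines or control characters, e.g. `// NOT OK - prettyjson.render formats but does not strip control characters`. The `server4` callback continues past the end of this hunk.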