Merge branch 'main' into logs

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected

@@ -1285,6 +1285,136 @@ nodes
 | TaintedPath.js:195:50:195:53 | path |
 | TaintedPath.js:195:50:195:53 | path |
 | TaintedPath.js:195:50:195:53 | path |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:38:203:44 | req.url |
+| TaintedPath.js:203:38:203:44 | req.url |
+| TaintedPath.js:203:38:203:44 | req.url |
+| TaintedPath.js:203:38:203:44 | req.url |
+| TaintedPath.js:203:38:203:44 | req.url |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url |
+| TaintedPath.js:204:51:204:57 | req.url |
+| TaintedPath.js:204:51:204:57 | req.url |
+| TaintedPath.js:204:51:204:57 | req.url |
+| TaintedPath.js:204:51:204:57 | req.url |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:44:206:50 | req.url |
+| TaintedPath.js:206:44:206:50 | req.url |
+| TaintedPath.js:206:44:206:50 | req.url |
+| TaintedPath.js:206:44:206:50 | req.url |
+| TaintedPath.js:206:44:206:50 | req.url |
 | normalizedPaths.js:11:7:11:27 | path |
 | normalizedPaths.js:11:7:11:27 | path |
 | normalizedPaths.js:11:7:11:27 | path |
@@ -1843,6 +1973,29 @@ nodes
 | normalizedPaths.js:363:21:363:31 | requestPath |
 | normalizedPaths.js:363:21:363:31 | requestPath |
 | normalizedPaths.js:363:21:363:31 | requestPath |
+| normalizedPaths.js:377:7:377:27 | path |
+| normalizedPaths.js:377:7:377:27 | path |
+| normalizedPaths.js:377:7:377:27 | path |
+| normalizedPaths.js:377:7:377:27 | path |
+| normalizedPaths.js:377:14:377:27 | req.query.path |
+| normalizedPaths.js:377:14:377:27 | req.query.path |
+| normalizedPaths.js:377:14:377:27 | req.query.path |
+| normalizedPaths.js:377:14:377:27 | req.query.path |
+| normalizedPaths.js:377:14:377:27 | req.query.path |
+| normalizedPaths.js:379:19:379:22 | path |
+| normalizedPaths.js:379:19:379:22 | path |
+| normalizedPaths.js:379:19:379:22 | path |
+| normalizedPaths.js:379:19:379:22 | path |
+| normalizedPaths.js:379:19:379:22 | path |
+| normalizedPaths.js:381:19:381:29 | slash(path) |
+| normalizedPaths.js:381:19:381:29 | slash(path) |
+| normalizedPaths.js:381:19:381:29 | slash(path) |
+| normalizedPaths.js:381:19:381:29 | slash(path) |
+| normalizedPaths.js:381:19:381:29 | slash(path) |
+| normalizedPaths.js:381:25:381:28 | path |
+| normalizedPaths.js:381:25:381:28 | path |
+| normalizedPaths.js:381:25:381:28 | path |
+| normalizedPaths.js:381:25:381:28 | path |
 | other-fs-libraries.js:9:7:9:48 | path |
 | other-fs-libraries.js:9:7:9:48 | path |
 | other-fs-libraries.js:9:7:9:48 | path |
@@ -2339,6 +2492,160 @@ nodes
 | other-fs-libraries.js:59:39:59:42 | path |
 | other-fs-libraries.js:59:39:59:42 | path |
 | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:24:68:30 | req.url |
+| other-fs-libraries.js:68:24:68:30 | req.url |
+| other-fs-libraries.js:68:24:68:30 | req.url |
+| other-fs-libraries.js:68:24:68:30 | req.url |
+| other-fs-libraries.js:68:24:68:30 | req.url |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:72:15:72:18 | path |
 | prettier.js:6:11:6:28 | p |
 | prettier.js:6:11:6:28 | p |
 | prettier.js:6:11:6:28 | p |
@@ -5449,6 +5756,262 @@ edges
 | TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) |
 | TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) |
 | TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
+| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) |
 | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path |
 | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path |
 | normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path |
@@ -6111,6 +6674,34 @@ edges
 | normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) |
 | normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) |
 | normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) |
+| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
+| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
+| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
+| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
+| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
+| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
+| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
+| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path |
+| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path |
+| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path |
+| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path |
+| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path |
+| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
+| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
+| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
+| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
+| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
+| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
+| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
+| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path |
+| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
+| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
+| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
+| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
+| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
+| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
+| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
+| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) |
 | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path |
 | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path |
 | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path |
@@ -6815,6 +7406,70 @@ edges
 | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
 | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
 | other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
+| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path |
 | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query |
 | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query |
 | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query |
@@ -6895,6 +7550,182 @@ edges
 | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) |
 | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) |
 | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
+| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) |
 | prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p |
 | prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p |
 | prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p |
@@ -8478,6 +9309,9 @@ edges
 | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | This path depends on $@. | TaintedPath.js:166:24:166:30 | req.url | a user-provided value |
 | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | This path depends on $@. | TaintedPath.js:166:24:166:30 | req.url | a user-provided value |
 | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | This path depends on $@. | TaintedPath.js:166:24:166:30 | req.url | a user-provided value |
+| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | This path depends on $@. | TaintedPath.js:203:38:203:44 | req.url | a user-provided value |
+| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | This path depends on $@. | TaintedPath.js:204:51:204:57 | req.url | a user-provided value |
+| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | This path depends on $@. | TaintedPath.js:206:44:206:50 | req.url | a user-provided value |
 | normalizedPaths.js:13:19:13:22 | path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:13:19:13:22 | path | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
 | normalizedPaths.js:14:19:14:29 | './' + path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:14:19:14:29 | './' + path | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
 | normalizedPaths.js:15:19:15:38 | path + '/index.html' | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | This path depends on $@. | normalizedPaths.js:11:14:11:27 | req.query.path | a user-provided value |
@@ -8535,6 +9369,8 @@ edges
 | normalizedPaths.js:346:19:346:22 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:346:19:346:22 | path | This path depends on $@. | normalizedPaths.js:339:32:339:45 | req.query.path | a user-provided value |
 | normalizedPaths.js:356:19:356:22 | path | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:356:19:356:22 | path | This path depends on $@. | normalizedPaths.js:354:14:354:27 | req.query.path | a user-provided value |
 | normalizedPaths.js:363:21:363:31 | requestPath | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:363:21:363:31 | requestPath | This path depends on $@. | normalizedPaths.js:354:14:354:27 | req.query.path | a user-provided value |
+| normalizedPaths.js:379:19:379:22 | path | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:379:19:379:22 | path | This path depends on $@. | normalizedPaths.js:377:14:377:27 | req.query.path | a user-provided value |
+| normalizedPaths.js:381:19:381:29 | slash(path) | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:381:19:381:29 | slash(path) | This path depends on $@. | normalizedPaths.js:377:14:377:27 | req.query.path | a user-provided value |
 | other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
 | other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
 | other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on $@. | other-fs-libraries.js:9:24:9:30 | req.url | a user-provided value |
@@ -8552,6 +9388,11 @@ edges
 | other-fs-libraries.js:55:36:55:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:55:36:55:39 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
 | other-fs-libraries.js:57:46:57:49 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:57:46:57:49 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
 | other-fs-libraries.js:59:39:59:42 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:59:39:59:42 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
+| other-fs-libraries.js:62:43:62:46 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:62:43:62:46 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
+| other-fs-libraries.js:63:51:63:54 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:63:51:63:54 | path | This path depends on $@. | other-fs-libraries.js:49:24:49:30 | req.url | a user-provided value |
+| other-fs-libraries.js:70:19:70:22 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:70:19:70:22 | path | This path depends on $@. | other-fs-libraries.js:68:24:68:30 | req.url | a user-provided value |
+| other-fs-libraries.js:71:10:71:13 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:71:10:71:13 | path | This path depends on $@. | other-fs-libraries.js:68:24:68:30 | req.url | a user-provided value |
+| other-fs-libraries.js:72:15:72:18 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:72:15:72:18 | path | This path depends on $@. | other-fs-libraries.js:68:24:68:30 | req.url | a user-provided value |
 | prettier.js:7:28:7:28 | p | prettier.js:6:13:6:13 | p | prettier.js:7:28:7:28 | p | This path depends on $@. | prettier.js:6:13:6:13 | p | a user-provided value |
 | prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on $@. | prettier.js:6:13:6:13 | p | a user-provided value |
 | pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | a user-provided value |

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js

@@ -193,4 +193,15 @@ var server = http.createServer(function(req, res) {
 
   res.write(fs.readFileSync("prefix" + path.replace(/^(\.\.[\/\\])+/, ''))); // NOT OK - not normalized
   res.write(fs.readFileSync(pathModule.normalize(path).replace(/^(\.\.[\/\\])+/, ''))); // NOT OK (can be absolute)
+});
+
+import normalizeUrl from 'normalize-url';
+
+var server = http.createServer(function(req, res) {
+  // tests for a few more uri-libraries
+  const qs = require("qs");
+  res.write(fs.readFileSync(qs.parse(req.url).foo)); // NOT OK
+  res.write(fs.readFileSync(qs.parse(normalizeUrl(req.url)).foo)); // NOT OK
+  const parseqs = require("parseqs");
+  res.write(fs.readFileSync(parseqs.decode(req.url).foo)); // NOT OK
 });

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js

@@ -370,4 +370,13 @@ app.get('/yet-another-prefix2', (req, res) => {
   function allowPath(requestPath, rootPath) {
     return requestPath.indexOf(rootPath) === 0;
   }
+});
+
+import slash from 'slash';
+app.get('/slash-stuff', (req, res) => {
+  let path = req.query.path;
+
+  fs.readFileSync(path); // NOT OK
+
+  fs.readFileSync(slash(path)); // NOT OK
 });

javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js

@@ -57,4 +57,17 @@ http.createServer(function(req, res) {
   require('util.promisify')(fs.readFileSync)(path); // NOT OK
 
   require("thenify")(fs.readFileSync)(path); // NOT OK
+
+  const readPkg = require('read-pkg');
+  var pkg = readPkg.readPackageSync({cwd: path}); // NOT OK
+  var pkgPromise = readPkg.readPackageAsync({cwd: path}); // NOT OK
+});
+
+const mkdirp = require("mkdirp");
+http.createServer(function(req, res) {
+  var path = url.parse(req.url, true).query.path;
+
+  fs.readFileSync(path); // NOT OK
+  mkdirp(path); // NOT OK
+  mkdirp.sync(path); // NOT OK
 });

javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected

@@ -374,6 +374,13 @@ nodes
 | string-manipulations.js:10:16:10:45 | String( ... n.href) |
 | string-manipulations.js:10:23:10:44 | documen ... on.href |
 | string-manipulations.js:10:23:10:44 | documen ... on.href |
+| tooltip.jsx:6:11:6:30 | source |
+| tooltip.jsx:6:20:6:30 | window.name |
+| tooltip.jsx:6:20:6:30 | window.name |
+| tooltip.jsx:10:25:10:30 | source |
+| tooltip.jsx:10:25:10:30 | source |
+| tooltip.jsx:11:25:11:30 | source |
+| tooltip.jsx:11:25:11:30 | source |
 | translate.js:6:7:6:39 | target |
 | translate.js:6:16:6:39 | documen ... .search |
 | translate.js:6:16:6:39 | documen ... .search |
@@ -684,6 +691,14 @@ nodes
 | tst.js:444:44:444:49 | source |
 | tst.js:445:32:445:37 | source |
 | tst.js:445:32:445:37 | source |
+| tst.js:453:7:453:39 | source |
+| tst.js:453:16:453:39 | documen ... .search |
+| tst.js:453:16:453:39 | documen ... .search |
+| tst.js:455:18:455:23 | source |
+| tst.js:455:18:455:23 | source |
+| tst.js:456:18:456:42 | ansiToH ... source) |
+| tst.js:456:18:456:42 | ansiToH ... source) |
+| tst.js:456:36:456:41 | source |
 | typeahead.js:20:13:20:45 | target |
 | typeahead.js:20:22:20:45 | documen ... .search |
 | typeahead.js:20:22:20:45 | documen ... .search |
@@ -1077,6 +1092,12 @@ edges
 | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
 | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
 | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
+| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source |
+| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source |
+| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source |
+| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source |
+| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source |
+| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source |
 | translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target |
 | translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target |
 | translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target |
@@ -1341,6 +1362,13 @@ edges
 | tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source |
 | tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source |
 | tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source |
+| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source |
+| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source |
+| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source |
+| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source |
+| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source |
+| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) |
+| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) |
 | typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target |
 | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target |
 | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target |
@@ -1483,6 +1511,8 @@ edges
 | string-manipulations.js:8:16:8:48 | documen ... mLeft() | string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | Cross-site scripting vulnerability due to $@. | string-manipulations.js:8:16:8:37 | documen ... on.href | user-provided value |
 | string-manipulations.js:9:16:9:58 | String. ... n.href) | string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:9:36:9:57 | documen ... on.href | user-provided value |
 | string-manipulations.js:10:16:10:45 | String( ... n.href) | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | Cross-site scripting vulnerability due to $@. | string-manipulations.js:10:23:10:44 | documen ... on.href | user-provided value |
+| tooltip.jsx:10:25:10:30 | source | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:10:25:10:30 | source | Cross-site scripting vulnerability due to $@. | tooltip.jsx:6:20:6:30 | window.name | user-provided value |
+| tooltip.jsx:11:25:11:30 | source | tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:11:25:11:30 | source | Cross-site scripting vulnerability due to $@. | tooltip.jsx:6:20:6:30 | window.name | user-provided value |
 | translate.js:9:27:9:50 | searchP ... 'term') | translate.js:6:16:6:39 | documen ... .search | translate.js:9:27:9:50 | searchP ... 'term') | Cross-site scripting vulnerability due to $@. | translate.js:6:16:6:39 | documen ... .search | user-provided value |
 | tst3.js:4:25:4:32 | data.src | tst3.js:2:42:2:63 | window. ... .search | tst3.js:4:25:4:32 | data.src | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value |
 | tst3.js:5:26:5:31 | data.p | tst3.js:2:42:2:63 | window. ... .search | tst3.js:5:26:5:31 | data.p | Cross-site scripting vulnerability due to $@. | tst3.js:2:42:2:63 | window. ... .search | user-provided value |
@@ -1566,6 +1596,8 @@ edges
 | tst.js:443:41:443:46 | source | tst.js:436:15:436:38 | documen ... .search | tst.js:443:41:443:46 | source | Cross-site scripting vulnerability due to $@. | tst.js:436:15:436:38 | documen ... .search | user-provided value |
 | tst.js:444:44:444:49 | source | tst.js:436:15:436:38 | documen ... .search | tst.js:444:44:444:49 | source | Cross-site scripting vulnerability due to $@. | tst.js:436:15:436:38 | documen ... .search | user-provided value |
 | tst.js:445:32:445:37 | source | tst.js:436:15:436:38 | documen ... .search | tst.js:445:32:445:37 | source | Cross-site scripting vulnerability due to $@. | tst.js:436:15:436:38 | documen ... .search | user-provided value |
+| tst.js:455:18:455:23 | source | tst.js:453:16:453:39 | documen ... .search | tst.js:455:18:455:23 | source | Cross-site scripting vulnerability due to $@. | tst.js:453:16:453:39 | documen ... .search | user-provided value |
+| tst.js:456:18:456:42 | ansiToH ... source) | tst.js:453:16:453:39 | documen ... .search | tst.js:456:18:456:42 | ansiToH ... source) | Cross-site scripting vulnerability due to $@. | tst.js:453:16:453:39 | documen ... .search | user-provided value |
 | typeahead.js:25:18:25:20 | val | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:25:18:25:20 | val | Cross-site scripting vulnerability due to $@. | typeahead.js:20:22:20:45 | documen ... .search | user-provided value |
 | v-html.vue:2:8:2:23 | v-html=tainted | v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | Cross-site scripting vulnerability due to $@. | v-html.vue:6:42:6:58 | document.location | user-provided value |
 | various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value |

javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected

@@ -381,6 +381,13 @@ nodes
 | string-manipulations.js:10:16:10:45 | String( ... n.href) |
 | string-manipulations.js:10:23:10:44 | documen ... on.href |
 | string-manipulations.js:10:23:10:44 | documen ... on.href |
+| tooltip.jsx:6:11:6:30 | source |
+| tooltip.jsx:6:20:6:30 | window.name |
+| tooltip.jsx:6:20:6:30 | window.name |
+| tooltip.jsx:10:25:10:30 | source |
+| tooltip.jsx:10:25:10:30 | source |
+| tooltip.jsx:11:25:11:30 | source |
+| tooltip.jsx:11:25:11:30 | source |
 | translate.js:6:7:6:39 | target |
 | translate.js:6:16:6:39 | documen ... .search |
 | translate.js:6:16:6:39 | documen ... .search |
@@ -691,6 +698,14 @@ nodes
 | tst.js:444:44:444:49 | source |
 | tst.js:445:32:445:37 | source |
 | tst.js:445:32:445:37 | source |
+| tst.js:453:7:453:39 | source |
+| tst.js:453:16:453:39 | documen ... .search |
+| tst.js:453:16:453:39 | documen ... .search |
+| tst.js:455:18:455:23 | source |
+| tst.js:455:18:455:23 | source |
+| tst.js:456:18:456:42 | ansiToH ... source) |
+| tst.js:456:18:456:42 | ansiToH ... source) |
+| tst.js:456:36:456:41 | source |
 | typeahead.js:9:28:9:30 | loc |
 | typeahead.js:9:28:9:30 | loc |
 | typeahead.js:10:16:10:18 | loc |
@@ -1101,6 +1116,12 @@ edges
 | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
 | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
 | string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
+| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source |
+| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source |
+| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source |
+| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source |
+| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source |
+| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source |
 | translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target |
 | translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target |
 | translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target |
@@ -1365,6 +1386,13 @@ edges
 | tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source |
 | tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source |
 | tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source |
+| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source |
+| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source |
+| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source |
+| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source |
+| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source |
+| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) |
+| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |

javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tooltip.jsx

@@ -0,0 +1,14 @@
+import React from 'react';
+import ReactDOM from 'react-dom';
+import ReactTooltip from 'react-tooltip';
+
+function tooltips() {
+    const source = window.name;
+    return <span>
+        <span data-tip={source}/> // OK
+        <span data-tip={source} data-html={false} /> // OK
+        <span data-tip={source} data-html="true" /> // NOT OK
+        <span data-tip={source} data-html={true} /> // NOT OK
+        <ReactTooltip />
+    </span>
+}

javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js

@@ -444,3 +444,14 @@ function mootools(){
 	new Element("div").setProperties({"html": source}); // NOT OK
 	new Element("div").appendHtml(source); // NOT OK
 }
+
+
+const Convert = require('ansi-to-html');
+const ansiToHtml = new Convert();
+
+function ansiToHTML() {
+  var source = document.location.search;
+
+  $("#foo").html(source); // NOT OK
+  $("#foo").html(ansiToHtml.toHtml(source)); // NOT OK
+}

javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected

@@ -190,6 +190,30 @@ nodes
 | tst2.js:49:36:49:36 | p |
 | tst2.js:51:12:51:17 | unsafe |
 | tst2.js:51:12:51:17 | unsafe |
+| tst2.js:57:7:57:24 | p |
+| tst2.js:57:9:57:9 | p |
+| tst2.js:57:9:57:9 | p |
+| tst2.js:60:11:60:11 | p |
+| tst2.js:63:12:63:12 | p |
+| tst2.js:63:12:63:12 | p |
+| tst2.js:64:12:64:18 | other.p |
+| tst2.js:64:12:64:18 | other.p |
+| tst2.js:69:7:69:24 | p |
+| tst2.js:69:9:69:9 | p |
+| tst2.js:69:9:69:9 | p |
+| tst2.js:72:11:72:11 | p |
+| tst2.js:75:12:75:12 | p |
+| tst2.js:75:12:75:12 | p |
+| tst2.js:76:12:76:18 | other.p |
+| tst2.js:76:12:76:18 | other.p |
+| tst2.js:82:7:82:24 | p |
+| tst2.js:82:9:82:9 | p |
+| tst2.js:82:9:82:9 | p |
+| tst2.js:85:11:85:11 | p |
+| tst2.js:88:12:88:12 | p |
+| tst2.js:88:12:88:12 | p |
+| tst2.js:89:12:89:18 | other.p |
+| tst2.js:89:12:89:18 | other.p |
 | tst3.js:5:7:5:24 | p |
 | tst3.js:5:9:5:9 | p |
 | tst3.js:5:9:5:9 | p |
@@ -359,6 +383,27 @@ edges
 | tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe |
 | tst2.js:49:16:49:53 | seriali ...  true}) | tst2.js:49:7:49:53 | unsafe |
 | tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ...  true}) |
+| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p |
+| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
+| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p |
+| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
+| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p |
+| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
+| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p |
+| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p |
+| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p |
+| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p |
+| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p |
+| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p |
+| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
+| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p |
+| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p |
+| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
+| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p |
+| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
+| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p |
+| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
+| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p |
 | tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
 | tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p |
 | tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p |
@@ -412,5 +457,11 @@ edges
 | tst2.js:36:12:36:12 | p | tst2.js:30:9:30:9 | p | tst2.js:36:12:36:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
 | tst2.js:37:12:37:18 | other.p | tst2.js:30:9:30:9 | p | tst2.js:37:12:37:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
 | tst2.js:51:12:51:17 | unsafe | tst2.js:43:9:43:9 | p | tst2.js:51:12:51:17 | unsafe | Cross-site scripting vulnerability due to $@. | tst2.js:43:9:43:9 | p | user-provided value |
+| tst2.js:63:12:63:12 | p | tst2.js:57:9:57:9 | p | tst2.js:63:12:63:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
+| tst2.js:64:12:64:18 | other.p | tst2.js:57:9:57:9 | p | tst2.js:64:12:64:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
+| tst2.js:75:12:75:12 | p | tst2.js:69:9:69:9 | p | tst2.js:75:12:75:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
+| tst2.js:76:12:76:18 | other.p | tst2.js:69:9:69:9 | p | tst2.js:76:12:76:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
+| tst2.js:88:12:88:12 | p | tst2.js:82:9:82:9 | p | tst2.js:88:12:88:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
+| tst2.js:89:12:89:18 | other.p | tst2.js:82:9:82:9 | p | tst2.js:89:12:89:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
 | tst3.js:6:12:6:12 | p | tst3.js:5:9:5:9 | p | tst3.js:6:12:6:12 | p | Cross-site scripting vulnerability due to $@. | tst3.js:5:9:5:9 | p | user-provided value |
 | tst3.js:12:12:12:15 | code | tst3.js:11:32:11:39 | reg.body | tst3.js:12:12:12:15 | code | Cross-site scripting vulnerability due to $@. | tst3.js:11:32:11:39 | reg.body | user-provided value |

javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected

@@ -40,5 +40,11 @@
 | tst2.js:36:12:36:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
 | tst2.js:37:12:37:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:30:9:30:9 | p | user-provided value |
 | tst2.js:51:12:51:17 | unsafe | Cross-site scripting vulnerability due to $@. | tst2.js:43:9:43:9 | p | user-provided value |
+| tst2.js:63:12:63:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
+| tst2.js:64:12:64:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:57:9:57:9 | p | user-provided value |
+| tst2.js:75:12:75:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
+| tst2.js:76:12:76:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:69:9:69:9 | p | user-provided value |
+| tst2.js:88:12:88:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
+| tst2.js:89:12:89:18 | other.p | Cross-site scripting vulnerability due to $@. | tst2.js:82:9:82:9 | p | user-provided value |
 | tst3.js:6:12:6:12 | p | Cross-site scripting vulnerability due to $@. | tst3.js:5:9:5:9 | p | user-provided value |
 | tst3.js:12:12:12:15 | code | Cross-site scripting vulnerability due to $@. | tst3.js:11:32:11:39 | reg.body | user-provided value |

javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/tst2.js

@@ -49,4 +49,42 @@ app.get('/baz', function(req, res) {
   var unsafe = serializeJavaScript(p, {unsafe: true});
 
   res.send(unsafe); // NOT OK
+});
+
+const fclone = require('fclone');
+
+app.get('/baz', function(req, res) {
+  let { p } = req.params;
+
+  var obj = {};
+  obj.p = p;
+  var other = fclone(obj);
+
+  res.send(p); // NOT OK
+  res.send(other.p); // NOT OK
+});
+
+const jc = require('json-cycle');
+app.get('/baz', function(req, res) {
+  let { p } = req.params;
+
+  var obj = {};
+  obj.p = p;
+  var other = jc.retrocycle(jc.decycle(obj));
+
+  res.send(p); // NOT OK
+  res.send(other.p); // NOT OK
+});
+
+const sortKeys = require('sort-keys');
+
+app.get('/baz', function(req, res) {
+  let { p } = req.params;
+
+  var obj = {};
+  obj.p = p;
+  var other = sortKeys(obj);
+
+  res.send(p); // NOT OK
+  res.send(other.p); // NOT OK
 });

javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected

@@ -97,6 +97,9 @@ nodes
 | module.js:9:16:9:29 | req.query.code |
 | module.js:9:16:9:29 | req.query.code |
 | module.js:9:16:9:29 | req.query.code |
+| module.js:11:17:11:30 | req.query.code |
+| module.js:11:17:11:30 | req.query.code |
+| module.js:11:17:11:30 | req.query.code |
 | react-native.js:7:7:7:33 | tainted |
 | react-native.js:7:17:7:33 | req.param("code") |
 | react-native.js:7:17:7:33 | req.param("code") |
@@ -221,6 +224,7 @@ edges
 | express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") |
 | express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") |
 | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code |
+| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code |
 | react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
 | react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
 | react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |
@@ -305,6 +309,7 @@ edges
 | express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | $@ flows to here and is interpreted as code. | express.js:19:37:19:70 | req.par ... odule") | User-provided value |
 | express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | $@ flows to here and is interpreted as code. | express.js:21:19:21:48 | req.par ... ntext") | User-provided value |
 | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | $@ flows to here and is interpreted as code. | module.js:9:16:9:29 | req.query.code | User-provided value |
+| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | $@ flows to here and is interpreted as code. | module.js:11:17:11:30 | req.query.code | User-provided value |
 | react-native.js:8:32:8:38 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:8:32:8:38 | tainted | $@ flows to here and is interpreted as code. | react-native.js:7:17:7:33 | req.param("code") | User-provided value |
 | react-native.js:10:23:10:29 | tainted | react-native.js:7:17:7:33 | req.param("code") | react-native.js:10:23:10:29 | tainted | $@ flows to here and is interpreted as code. | react-native.js:7:17:7:33 | req.param("code") | User-provided value |
 | react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | $@ flows to here and is interpreted as code. | react.js:10:56:10:77 | documen ... on.hash | User-provided value |

javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected

@@ -101,6 +101,9 @@ nodes
 | module.js:9:16:9:29 | req.query.code |
 | module.js:9:16:9:29 | req.query.code |
 | module.js:9:16:9:29 | req.query.code |
+| module.js:11:17:11:30 | req.query.code |
+| module.js:11:17:11:30 | req.query.code |
+| module.js:11:17:11:30 | req.query.code |
 | react-native.js:7:7:7:33 | tainted |
 | react-native.js:7:17:7:33 | req.param("code") |
 | react-native.js:7:17:7:33 | req.param("code") |
@@ -229,6 +232,7 @@ edges
 | express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") |
 | express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") |
 | module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code |
+| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code |
 | react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
 | react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted |
 | react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted |

javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/module.js

@@ -7,4 +7,6 @@ app.get('/some/path', function (req, res) {
     let filename = req.query.filename;
     var m = new Module(filename, module.parent);
     m._compile(req.query.code, filename); // NOT OK
+    var m2 = new module.constructor;
+    m2._compile(req.query.code, filename); // NOT OK
 });

javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected

@@ -65,24 +65,35 @@ nodes
 | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) |
 | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) |
 | logInjectionBad.js:58:50:58:57 | username |
-| logInjectionBad.js:64:9:64:36 | q |
-| logInjectionBad.js:64:13:64:36 | url.par ... , true) |
-| logInjectionBad.js:64:23:64:29 | req.url |
-| logInjectionBad.js:64:23:64:29 | req.url |
-| logInjectionBad.js:65:9:65:35 | username |
-| logInjectionBad.js:65:20:65:20 | q |
-| logInjectionBad.js:65:20:65:26 | q.query |
-| logInjectionBad.js:65:20:65:35 | q.query.username |
-| logInjectionBad.js:67:15:67:22 | username |
-| logInjectionBad.js:67:15:67:22 | username |
-| logInjectionBad.js:74:30:74:37 | username |
-| logInjectionBad.js:74:30:74:37 | username |
-| logInjectionBad.js:83:26:83:33 | username |
-| logInjectionBad.js:83:26:83:33 | username |
+| logInjectionBad.js:63:9:63:36 | q |
+| logInjectionBad.js:63:13:63:36 | url.par ... , true) |
+| logInjectionBad.js:63:23:63:29 | req.url |
+| logInjectionBad.js:63:23:63:29 | req.url |
+| logInjectionBad.js:64:9:64:35 | username |
+| logInjectionBad.js:64:20:64:20 | q |
+| logInjectionBad.js:64:20:64:26 | q.query |
+| logInjectionBad.js:64:20:64:35 | q.query.username |
+| logInjectionBad.js:66:17:66:43 | prettyj ... ername) |
+| logInjectionBad.js:66:17:66:43 | prettyj ... ername) |
+| logInjectionBad.js:66:35:66:42 | username |
+| logInjectionBad.js:72:9:72:36 | q |
+| logInjectionBad.js:72:13:72:36 | url.par ... , true) |
+| logInjectionBad.js:72:23:72:29 | req.url |
+| logInjectionBad.js:72:23:72:29 | req.url |
+| logInjectionBad.js:73:9:73:35 | username |
+| logInjectionBad.js:73:20:73:20 | q |
+| logInjectionBad.js:73:20:73:26 | q.query |
+| logInjectionBad.js:73:20:73:35 | q.query.username |
+| logInjectionBad.js:75:15:75:22 | username |
+| logInjectionBad.js:75:15:75:22 | username |
+| logInjectionBad.js:82:30:82:37 | username |
+| logInjectionBad.js:82:30:82:37 | username |
 | logInjectionBad.js:91:26:91:33 | username |
 | logInjectionBad.js:91:26:91:33 | username |
-| logInjectionBad.js:105:37:105:44 | username |
-| logInjectionBad.js:105:37:105:44 | username |
+| logInjectionBad.js:99:26:99:33 | username |
+| logInjectionBad.js:99:26:99:33 | username |
+| logInjectionBad.js:113:37:113:44 | username |
+| logInjectionBad.js:113:37:113:44 | username |
 edges
 | logInjectionBad.js:19:9:19:36 | q | logInjectionBad.js:20:20:20:20 | q |
 | logInjectionBad.js:19:13:19:36 | url.par ... , true) | logInjectionBad.js:19:9:19:36 | q |
@@ -148,23 +159,33 @@ edges
 | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) |
 | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) |
 | logInjectionBad.js:58:50:58:57 | username | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) |
-| logInjectionBad.js:64:9:64:36 | q | logInjectionBad.js:65:20:65:20 | q |
-| logInjectionBad.js:64:13:64:36 | url.par ... , true) | logInjectionBad.js:64:9:64:36 | q |
-| logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:64:13:64:36 | url.par ... , true) |
-| logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:64:13:64:36 | url.par ... , true) |
-| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:67:15:67:22 | username |
-| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:67:15:67:22 | username |
-| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:74:30:74:37 | username |
-| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:74:30:74:37 | username |
-| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:83:26:83:33 | username |
-| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:83:26:83:33 | username |
-| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:91:26:91:33 | username |
-| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:91:26:91:33 | username |
-| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:105:37:105:44 | username |
-| logInjectionBad.js:65:9:65:35 | username | logInjectionBad.js:105:37:105:44 | username |
-| logInjectionBad.js:65:20:65:20 | q | logInjectionBad.js:65:20:65:26 | q.query |
-| logInjectionBad.js:65:20:65:26 | q.query | logInjectionBad.js:65:20:65:35 | q.query.username |
-| logInjectionBad.js:65:20:65:35 | q.query.username | logInjectionBad.js:65:9:65:35 | username |
+| logInjectionBad.js:63:9:63:36 | q | logInjectionBad.js:64:20:64:20 | q |
+| logInjectionBad.js:63:13:63:36 | url.par ... , true) | logInjectionBad.js:63:9:63:36 | q |
+| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) |
+| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) |
+| logInjectionBad.js:64:9:64:35 | username | logInjectionBad.js:66:35:66:42 | username |
+| logInjectionBad.js:64:20:64:20 | q | logInjectionBad.js:64:20:64:26 | q.query |
+| logInjectionBad.js:64:20:64:26 | q.query | logInjectionBad.js:64:20:64:35 | q.query.username |
+| logInjectionBad.js:64:20:64:35 | q.query.username | logInjectionBad.js:64:9:64:35 | username |
+| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) |
+| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) |
+| logInjectionBad.js:72:9:72:36 | q | logInjectionBad.js:73:20:73:20 | q |
+| logInjectionBad.js:72:13:72:36 | url.par ... , true) | logInjectionBad.js:72:9:72:36 | q |
+| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) |
+| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) |
+| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username |
+| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username |
+| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:82:30:82:37 | username |
+| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:82:30:82:37 | username |
+| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:91:26:91:33 | username |
+| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:91:26:91:33 | username |
+| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:99:26:99:33 | username |
+| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:99:26:99:33 | username |
+| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:113:37:113:44 | username |
+| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:113:37:113:44 | username |
+| logInjectionBad.js:73:20:73:20 | q | logInjectionBad.js:73:20:73:26 | q.query |
+| logInjectionBad.js:73:20:73:26 | q.query | logInjectionBad.js:73:20:73:35 | q.query.username |
+| logInjectionBad.js:73:20:73:35 | q.query.username | logInjectionBad.js:73:9:73:35 | username |
 #select
 | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | $@ flows to log entry. | logInjectionBad.js:19:23:19:29 | req.url | User-provided value |
 | logInjectionBad.js:23:37:23:44 | username | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:23:37:23:44 | username | $@ flows to log entry. | logInjectionBad.js:19:23:19:29 | req.url | User-provided value |
@@ -181,8 +202,9 @@ edges
 | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | $@ flows to log entry. | logInjectionBad.js:46:23:46:29 | req.url | User-provided value |
 | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | $@ flows to log entry. | logInjectionBad.js:46:23:46:29 | req.url | User-provided value |
 | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | $@ flows to log entry. | logInjectionBad.js:46:23:46:29 | req.url | User-provided value |
-| logInjectionBad.js:67:15:67:22 | username | logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:67:15:67:22 | username | $@ flows to log entry. | logInjectionBad.js:64:23:64:29 | req.url | User-provided value |
-| logInjectionBad.js:74:30:74:37 | username | logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:74:30:74:37 | username | $@ flows to log entry. | logInjectionBad.js:64:23:64:29 | req.url | User-provided value |
-| logInjectionBad.js:83:26:83:33 | username | logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:83:26:83:33 | username | $@ flows to log entry. | logInjectionBad.js:64:23:64:29 | req.url | User-provided value |
-| logInjectionBad.js:91:26:91:33 | username | logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:91:26:91:33 | username | $@ flows to log entry. | logInjectionBad.js:64:23:64:29 | req.url | User-provided value |
-| logInjectionBad.js:105:37:105:44 | username | logInjectionBad.js:64:23:64:29 | req.url | logInjectionBad.js:105:37:105:44 | username | $@ flows to log entry. | logInjectionBad.js:64:23:64:29 | req.url | User-provided value |
+| logInjectionBad.js:66:17:66:43 | prettyj ... ername) | logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | $@ flows to log entry. | logInjectionBad.js:63:23:63:29 | req.url | User-provided value |
+| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:75:15:75:22 | username | $@ flows to log entry. | logInjectionBad.js:72:23:72:29 | req.url | User-provided value |
+| logInjectionBad.js:82:30:82:37 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:82:30:82:37 | username | $@ flows to log entry. | logInjectionBad.js:72:23:72:29 | req.url | User-provided value |
+| logInjectionBad.js:91:26:91:33 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:91:26:91:33 | username | $@ flows to log entry. | logInjectionBad.js:72:23:72:29 | req.url | User-provided value |
+| logInjectionBad.js:99:26:99:33 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:99:26:99:33 | username | $@ flows to log entry. | logInjectionBad.js:72:23:72:29 | req.url | User-provided value |
+| logInjectionBad.js:113:37:113:44 | username | logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:113:37:113:44 | username | $@ flows to log entry. | logInjectionBad.js:72:23:72:29 | req.url | User-provided value |

javascript/ql/test/query-tests/Security/CWE-117/logInjectionBad.js

@@ -58,12 +58,20 @@ const server2 = http.createServer((req, res) => {
     console.log(stripAnsi(chalk.underline.bgBlue(username))); // NOT OK
 });
 
-const pino = require('pino')()
-
+var prettyjson = require('prettyjson');
 const server3 = http.createServer((req, res) => {
     let q = url.parse(req.url, true);
     let username = q.query.username;
 
+    console.log(prettyjson.render(username)); // NOT OK
+
+});
+
+const pino = require('pino')()
+const server4 = http.createServer((req, res) => {
+    let q = url.parse(req.url, true);
+    let username = q.query.username;
+
     pino.info(username); // NOT OK
 
     function fastify() {