JS: Actually don't propagate into array element 0

Preserving tainted-url-suffix into array element 0 seemed like a good idea, but didn't work out so well.
Asger F
2024-09-12 13:16:52 +02:00
parent 0e4e0f4fdd
commit 1df69ec1d2
5 changed files with 34 additions and 216 deletions


@@ -53,14 +53,18 @@ module TaintedUrlSuffix {
* This handles steps through string operations, promises, URL parsers, and URL accessors.
*/
predicate step(Node src, Node dst, FlowLabel srclbl, FlowLabel dstlbl) {
// Transition from tainted-url-suffix to general taint when entering the second array element
// of a split('#') or split('?') array.
//
// x [tainted-url-suffix] --> x.split('#') [array element 1] [taint]
//
// Technically we should also preverse tainted-url-suffix when entering the first array element of such
// a split, but this mostly leads to FPs since we currently don't track if the taint has been through URI-decoding.
// (The query/fragment parts are often URI-decoded in practice, but not the other URL parts are not)
srclbl = label() and
dstlbl.isTaint() and
DataFlowPrivate::optionalStep(src, "split-url-suffix-post", dst)
or
srclbl = label() and
dstlbl = label() and
DataFlowPrivate::optionalStep(src, "split-url-suffix-pre", dst)
or
// Transition from URL suffix to full taint when extracting the query/fragment part.
srclbl = label() and
dstlbl.isTaint() and
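Review bot: The comment added above the first disjunct of `step` has two wording slips that obscure the rationale. "preverse" should read "preserve", and the closing parenthetical is garbled; it could read `// (The query/fragment parts are often URI-decoded in practice, but the other URL parts are not.)`. The comment could also state that dropping the label for element 0 deliberately trades recall for precision: judging by the removed `"split-url-suffix-pre"` disjunct, `x.split('#')[0]` no longer carries `tainted-url-suffix`, so flows that depended on it go unreported until URI-decoding is tracked. If nothing else consumes the `"split-url-suffix-pre"` optional step, its producer should be removed as well; this page does not show whether another file in the commit already does so. The body of `step` continues past the end of the hunk.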


@@ -5,14 +5,14 @@ function t1() {
sink(href); // $ flow=tainted-url-suffix
sink(href.split('#')[0]); // $ flow=tainted-url-suffix
sink(href.split('#')[0]); // could be 'tainted-url-suffix', but omitted due to FPs from URI-encoding
sink(href.split('#')[1]); // $ flow=taint
sink(href.split('#').pop()); // $ flow=taint flow=tainted-url-suffix
sink(href.split('#').pop()); // $ flow=taint
sink(href.split('#')[2]); // $ MISSING: flow=taint // currently the split() summary only propagates to index 1
sink(href.split('?')[0]); // $ flow=tainted-url-suffix
sink(href.split('?')[0]);
sink(href.split('?')[1]); // $ flow=taint
sink(href.split('?').pop()); // $ flow=taint flow=tainted-url-suffix
sink(href.split('?').pop()); // $ flow=taint
sink(href.split('?')[2]); // $ MISSING: flow=taint
sink(href.split(blah())[0]); // $ flow=tainted-url-suffix


@@ -4,7 +4,6 @@ nodes
| addEventListener.js:2:20:2:29 | event.data | semmle.label | event.data |
| addEventListener.js:5:43:5:48 | data | semmle.label | data |
| addEventListener.js:5:43:5:48 | {data} | semmle.label | {data} |
| addEventListener.js:5:44:5:47 | data | semmle.label | data |
| addEventListener.js:6:20:6:23 | data | semmle.label | data |
| addEventListener.js:10:21:10:25 | event | semmle.label | event |
| addEventListener.js:12:24:12:28 | event | semmle.label | event |
@@ -189,9 +188,7 @@ nodes
| jquery.js:37:31:37:37 | tainted | semmle.label | tainted |
| json-stringify.jsx:5:9:5:36 | locale | semmle.label | locale |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | semmle.label | req.param("locale") |
| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | semmle.label | `https: ... ocale}` |
| json-stringify.jsx:11:51:11:56 | locale | semmle.label | locale |
| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | semmle.label | `https: ... ocale}` |
| json-stringify.jsx:19:56:19:61 | locale | semmle.label | locale |
| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | semmle.label | JSON.st ... locale) |
| json-stringify.jsx:31:55:31:60 | locale | semmle.label | locale |
@@ -239,7 +236,6 @@ nodes
| pages/[id].jsx:3:30:3:35 | params [q] | semmle.label | params [q] |
| pages/[id].jsx:5:9:5:14 | { id } | semmle.label | { id } |
| pages/[id].jsx:5:9:5:29 | id | semmle.label | id |
| pages/[id].jsx:5:11:5:12 | id | semmle.label | id |
| pages/[id].jsx:5:18:5:29 | router.query | semmle.label | router.query |
| pages/[id].jsx:10:44:10:45 | id | semmle.label | id |
| pages/[id].jsx:13:44:13:49 | params [id] | semmle.label | params [id] |
@@ -249,10 +245,8 @@ nodes
| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | semmle.label | {\\n ... ,\\n } [id] |
| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | semmle.label | {\\n ... ,\\n } [q] |
| pages/[id].jsx:25:11:25:24 | context.params | semmle.label | context.params |
| pages/[id].jsx:25:11:25:27 | context.params.id | semmle.label | context.params.id |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | semmle.label | context ... d \|\| "" |
| pages/[id].jsx:26:10:26:22 | context.query | semmle.label | context.query |
| pages/[id].jsx:26:10:26:30 | context ... .foobar | semmle.label | context ... .foobar |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | semmle.label | context ... r \|\| "" |
| react-native.js:7:7:7:33 | tainted | semmle.label | tainted |
| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") |
@@ -273,11 +267,9 @@ nodes
| react-use-router.js:33:21:33:32 | router.query | semmle.label | router.query |
| react-use-router.js:33:21:33:39 | router.query.foobar | semmle.label | router.query.foobar |
| react-use-state.js:4:9:4:49 | state | semmle.label | state |
| react-use-state.js:4:10:4:14 | state | semmle.label | state |
| react-use-state.js:4:38:4:48 | window.name | semmle.label | window.name |
| react-use-state.js:5:51:5:55 | state | semmle.label | state |
| react-use-state.js:9:9:9:43 | state | semmle.label | state |
| react-use-state.js:9:10:9:14 | state | semmle.label | state |
| react-use-state.js:10:14:10:24 | window.name | semmle.label | window.name |
| react-use-state.js:11:51:11:55 | state | semmle.label | state |
| react-use-state.js:15:9:15:43 | state | semmle.label | state |
@@ -616,7 +608,6 @@ nodes
| various-concat-obfuscations.js:15:10:15:83 | '<div a ... </div>' | semmle.label | '<div a ... </div>' |
| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | semmle.label | (attrs. ... 'left') |
| various-concat-obfuscations.js:15:28:15:32 | attrs | semmle.label | attrs |
| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | semmle.label | attrs.defaultattr |
| various-concat-obfuscations.js:17:24:17:28 | attrs | semmle.label | attrs |
| various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | semmle.label | '<div a ... 'left') |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | semmle.label | '<div a ... ntent)) |
@@ -624,7 +615,6 @@ nodes
| various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | semmle.label | '<div a ... /div>') |
| various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | semmle.label | '<div a ... /div>') [ArrayElement] |
| various-concat-obfuscations.js:18:32:18:36 | attrs | semmle.label | attrs |
| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | semmle.label | attrs.defaultattr |
| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | semmle.label | attrs.d ... 'left' |
| various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) |
| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | semmle.label | documen ... .search |
@@ -642,8 +632,7 @@ edges
| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | provenance | |
| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | provenance | |
| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | provenance | |
| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | provenance | |
| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | provenance | |
| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:43:5:48 | data | provenance | |
| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | provenance | |
| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | provenance | |
| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | provenance | |
@@ -689,31 +678,18 @@ edges
| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | |
| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | Config |
| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | |
| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | Config |
| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | |
| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | Config |
| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | provenance | |
| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | provenance | Config |
| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | |
| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | Config |
| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | |
| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | Config |
| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | |
| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | Config |
| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | |
| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | Config |
| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | |
| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | Config |
| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | |
| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | Config |
| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | |
| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | Config |
| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | |
| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | Config |
| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | |
| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | Config |
| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | provenance | |
| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | provenance | Config |
| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | provenance | |
| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | provenance | |
| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | provenance | |
@@ -722,23 +698,14 @@ edges
| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | |
| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | Config |
| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | |
| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | Config |
| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | |
| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | Config |
| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | |
| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | Config |
| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | |
| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | Config |
| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | |
| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | Config |
| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | provenance | |
| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | provenance | Config |
| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | |
| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | Config |
| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | |
| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | Config |
| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | |
| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | Config |
| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | provenance | |
| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | provenance | |
| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | provenance | |
@@ -746,19 +713,12 @@ edges
| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | |
| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | Config |
| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | |
| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | Config |
| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | |
| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | Config |
| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | |
| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | Config |
| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | |
| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | Config |
| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | |
| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | Config |
| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | |
| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | Config |
| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | |
| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | Config |
| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | provenance | |
| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | provenance | |
| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | provenance | |
@@ -766,19 +726,12 @@ edges
| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | |
| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | Config |
| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | |
| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | Config |
| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | |
| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | Config |
| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | |
| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | Config |
| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | provenance | |
| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | provenance | Config |
| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | |
| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | Config |
| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | |
| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | Config |
| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | |
| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | Config |
| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | provenance | |
| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | provenance | |
| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | provenance | |
@@ -794,18 +747,12 @@ edges
| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | provenance | |
| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "<div i ... + "\\">" | provenance | Config |
| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | |
| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | Config |
| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | |
| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | Config |
| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "<b>" + ... "</b>" | provenance | Config |
| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | |
| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | Config |
| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | |
| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | Config |
| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | |
| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | Config |
| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | provenance | |
| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | provenance | Config |
| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | provenance | |
| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | provenance | |
| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | provenance | |
@@ -825,10 +772,8 @@ edges
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | provenance | |
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | provenance | |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | provenance | |
| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | |
| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | provenance | |
| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | |
| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | provenance | |
| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | |
| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | |
| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | provenance | |
| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | provenance | |
| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | provenance | |
@@ -872,19 +817,16 @@ edges
| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | provenance | |
| pages/[id].jsx:3:30:3:35 | params [id] | pages/[id].jsx:13:44:13:49 | params [id] | provenance | |
| pages/[id].jsx:3:30:3:35 | params [q] | pages/[id].jsx:16:44:16:49 | params [q] | provenance | |
| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | provenance | |
| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:9:5:29 | id | provenance | |
| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | provenance | |
| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | provenance | |
| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | provenance | |
| pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | provenance | |
| pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | provenance | |
| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | provenance | |
| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | provenance | |
| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | provenance | |
| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | provenance | |
| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | provenance | |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | provenance | |
| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | provenance | |
| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | provenance | |
| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | provenance | |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | provenance | |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | provenance | |
| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | provenance | |
@@ -900,11 +842,9 @@ edges
| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router [ArrayElement] | provenance | |
| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | provenance | |
| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | provenance | |
| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | provenance | |
| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | provenance | |
| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:9:4:49 | state | provenance | |
| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | provenance | |
| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | provenance | |
| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | provenance | |
| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:9:9:43 | state | provenance | |
| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | provenance | |
| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | provenance | |
| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | provenance | |
@@ -931,27 +871,18 @@ edges
| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' | provenance | |
| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | provenance | |
| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | |
| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | Config |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | Config |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | Config |
| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | provenance | |
| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href | provenance | |
| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | provenance | |
| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | provenance | Config |
| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | |
| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | Config |
| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | provenance | |
| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | provenance | Config |
| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | provenance | |
| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | provenance | Config |
| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | |
| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | Config |
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | |
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | Config |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | Config |
| tainted-url-suffix-arguments.js:3:17:3:17 | y | tainted-url-suffix-arguments.js:6:22:6:22 | y | provenance | |
| tainted-url-suffix-arguments.js:11:11:11:36 | url | tainted-url-suffix-arguments.js:12:17:12:19 | url | provenance | |
| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | tainted-url-suffix-arguments.js:11:11:11:36 | url | provenance | |
@@ -967,7 +898,6 @@ edges
| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | provenance | |
| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | provenance | |
| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | |
| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | Config |
| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | provenance | |
| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | provenance | Config |
| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | provenance | |
@@ -1005,7 +935,6 @@ edges
| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | provenance | |
| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | provenance | |
| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | |
| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | Config |
| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | provenance | |
| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | provenance | Config |
| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | provenance | |
@@ -1073,19 +1002,14 @@ edges
| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | provenance | |
| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | provenance | |
| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | |
| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | Config |
| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | |
| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | Config |
| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | |
| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | Config |
| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | |
| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | Config |
| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | provenance | |
| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | provenance | |
| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | provenance | |
| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | provenance | |
| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | |
| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | Config |
| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | provenance | |
| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | provenance | |
| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | provenance | |
@@ -1121,17 +1045,13 @@ edges
| tst.js:381:7:381:39 | target [taint8] | tst.js:409:18:409:23 | target [taint8] | provenance | |
| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | provenance | |
| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | |
| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | Config |
| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:381:7:381:39 | target [taint3] | provenance | |
| tst.js:391:19:391:42 | documen ... .search | tst.js:391:3:391:8 | [post update] target [taint3] | provenance | |
| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | provenance | |
| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | |
| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | Config |
| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | |
| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | Config |
| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:381:7:381:39 | target [taint8] | provenance | |
| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | |
| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | Config |
| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | provenance | |
| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | provenance | |
| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | provenance | |
@@ -1141,16 +1061,13 @@ edges
| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | provenance | |
| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | provenance | |
| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | |
| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | Config |
| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | provenance | |
| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | |
| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | Config |
| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') [1] | provenance | Config |
| tst.js:424:18:424:48 | window. ... it('#') [1] | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | |
| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | |
| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | |
| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | |
| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | Config |
| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | provenance | |
| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | provenance | |
| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | provenance | |
@@ -1162,7 +1079,6 @@ edges
| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | provenance | |
| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | provenance | |
| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | |
| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | Config |
| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | provenance | |
| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | provenance | |
| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | provenance | |
@@ -1177,11 +1093,9 @@ edges
| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | provenance | Config |
| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | provenance | Config |
| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | |
| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | Config |
| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | provenance | |
| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | provenance | |
| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | |
| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | Config |
| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | provenance | |
| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | provenance | |
| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | provenance | |
@@ -1210,9 +1124,7 @@ edges
| various-concat-obfuscations.js:12:19:12:25 | tainted | various-concat-obfuscations.js:12:4:12:34 | ["<div ... "\\"/>"] | provenance | Config |
| various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:28:15:32 | attrs | provenance | |
| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | various-concat-obfuscations.js:15:10:15:83 | '<div a ... </div>' | provenance | Config |
| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | provenance | |
| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | provenance | Config |
| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | provenance | |
| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | provenance | |
| various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:32:18:36 | attrs | provenance | |
| various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | provenance | |
| various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | provenance | |
@@ -1220,17 +1132,13 @@ edges
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | provenance | |
| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | |
| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | Config |
| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | provenance | |
| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | provenance | |
| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | provenance | Config |
| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | provenance | |
| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | provenance | Config |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | provenance | |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | provenance | Config |
| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) [ArrayElement] | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | provenance | |
| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | provenance | |
| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | provenance | Config |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | provenance | |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | provenance | Config |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) [ArrayElement] | provenance | Config |


@@ -4,7 +4,6 @@ nodes
| addEventListener.js:2:20:2:29 | event.data | semmle.label | event.data |
| addEventListener.js:5:43:5:48 | data | semmle.label | data |
| addEventListener.js:5:43:5:48 | {data} | semmle.label | {data} |
| addEventListener.js:5:44:5:47 | data | semmle.label | data |
| addEventListener.js:6:20:6:23 | data | semmle.label | data |
| addEventListener.js:10:21:10:25 | event | semmle.label | event |
| addEventListener.js:12:24:12:28 | event | semmle.label | event |
@@ -189,9 +188,7 @@ nodes
| jquery.js:37:31:37:37 | tainted | semmle.label | tainted |
| json-stringify.jsx:5:9:5:36 | locale | semmle.label | locale |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | semmle.label | req.param("locale") |
| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | semmle.label | `https: ... ocale}` |
| json-stringify.jsx:11:51:11:56 | locale | semmle.label | locale |
| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | semmle.label | `https: ... ocale}` |
| json-stringify.jsx:19:56:19:61 | locale | semmle.label | locale |
| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | semmle.label | JSON.st ... locale) |
| json-stringify.jsx:31:55:31:60 | locale | semmle.label | locale |
@@ -244,7 +241,6 @@ nodes
| pages/[id].jsx:3:30:3:35 | params [q] | semmle.label | params [q] |
| pages/[id].jsx:5:9:5:14 | { id } | semmle.label | { id } |
| pages/[id].jsx:5:9:5:29 | id | semmle.label | id |
| pages/[id].jsx:5:11:5:12 | id | semmle.label | id |
| pages/[id].jsx:5:18:5:29 | router.query | semmle.label | router.query |
| pages/[id].jsx:10:44:10:45 | id | semmle.label | id |
| pages/[id].jsx:13:44:13:49 | params [id] | semmle.label | params [id] |
@@ -254,10 +250,8 @@ nodes
| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | semmle.label | {\\n ... ,\\n } [id] |
| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | semmle.label | {\\n ... ,\\n } [q] |
| pages/[id].jsx:25:11:25:24 | context.params | semmle.label | context.params |
| pages/[id].jsx:25:11:25:27 | context.params.id | semmle.label | context.params.id |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | semmle.label | context ... d \|\| "" |
| pages/[id].jsx:26:10:26:22 | context.query | semmle.label | context.query |
| pages/[id].jsx:26:10:26:30 | context ... .foobar | semmle.label | context ... .foobar |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | semmle.label | context ... r \|\| "" |
| react-native.js:7:7:7:33 | tainted | semmle.label | tainted |
| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") |
@@ -278,11 +272,9 @@ nodes
| react-use-router.js:33:21:33:32 | router.query | semmle.label | router.query |
| react-use-router.js:33:21:33:39 | router.query.foobar | semmle.label | router.query.foobar |
| react-use-state.js:4:9:4:49 | state | semmle.label | state |
| react-use-state.js:4:10:4:14 | state | semmle.label | state |
| react-use-state.js:4:38:4:48 | window.name | semmle.label | window.name |
| react-use-state.js:5:51:5:55 | state | semmle.label | state |
| react-use-state.js:9:9:9:43 | state | semmle.label | state |
| react-use-state.js:9:10:9:14 | state | semmle.label | state |
| react-use-state.js:10:14:10:24 | window.name | semmle.label | window.name |
| react-use-state.js:11:51:11:55 | state | semmle.label | state |
| react-use-state.js:15:9:15:43 | state | semmle.label | state |
@@ -623,7 +615,6 @@ nodes
| various-concat-obfuscations.js:15:10:15:83 | '<div a ... </div>' | semmle.label | '<div a ... </div>' |
| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | semmle.label | (attrs. ... 'left') |
| various-concat-obfuscations.js:15:28:15:32 | attrs | semmle.label | attrs |
| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | semmle.label | attrs.defaultattr |
| various-concat-obfuscations.js:17:24:17:28 | attrs | semmle.label | attrs |
| various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | semmle.label | '<div a ... 'left') |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | semmle.label | '<div a ... ntent)) |
@@ -631,7 +622,6 @@ nodes
| various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | semmle.label | '<div a ... /div>') |
| various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | semmle.label | '<div a ... /div>') [ArrayElement] |
| various-concat-obfuscations.js:18:32:18:36 | attrs | semmle.label | attrs |
| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | semmle.label | attrs.defaultattr |
| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | semmle.label | attrs.d ... 'left' |
| various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) |
| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | semmle.label | documen ... .search |
@@ -656,15 +646,13 @@ nodes
| xmlRequest.js:21:11:21:38 | json | semmle.label | json |
| xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | semmle.label | JSON.pa ... p.body) |
| xmlRequest.js:21:29:21:32 | resp | semmle.label | resp |
| xmlRequest.js:21:29:21:37 | resp.body | semmle.label | resp.body |
| xmlRequest.js:22:24:22:27 | json | semmle.label | json |
| xmlRequest.js:22:24:22:35 | json.message | semmle.label | json.message |
edges
| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | provenance | |
| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | provenance | |
| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | provenance | |
| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | provenance | |
| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | provenance | |
| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:43:5:48 | data | provenance | |
| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | provenance | |
| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | provenance | |
| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | provenance | |
@@ -710,31 +698,18 @@ edges
| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | |
| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | Config |
| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | |
| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | Config |
| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | |
| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | Config |
| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | provenance | |
| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | provenance | Config |
| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | |
| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | Config |
| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | |
| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | Config |
| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | |
| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | Config |
| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | |
| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | Config |
| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | |
| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | Config |
| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | |
| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | Config |
| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | |
| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | Config |
| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | |
| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | Config |
| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | |
| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | Config |
| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | provenance | |
| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | provenance | Config |
| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | provenance | |
| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | provenance | |
| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | provenance | |
@@ -743,23 +718,14 @@ edges
| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | |
| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | Config |
| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | |
| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | Config |
| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | |
| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | Config |
| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | |
| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | Config |
| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | |
| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | Config |
| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | |
| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | Config |
| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | provenance | |
| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | provenance | Config |
| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | |
| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | Config |
| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | |
| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | Config |
| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | |
| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | Config |
| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | provenance | |
| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | provenance | |
| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | provenance | |
@@ -767,19 +733,12 @@ edges
| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | |
| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | Config |
| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | |
| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | Config |
| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | |
| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | Config |
| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | |
| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | Config |
| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | |
| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | Config |
| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | |
| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | Config |
| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | |
| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | Config |
| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | |
| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | Config |
| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | provenance | |
| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | provenance | |
| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | provenance | |
@@ -787,19 +746,12 @@ edges
| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | |
| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | Config |
| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | |
| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | Config |
| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | |
| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | Config |
| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | |
| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | Config |
| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | provenance | |
| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | provenance | Config |
| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | |
| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | Config |
| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | |
| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | Config |
| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | |
| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | Config |
| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | provenance | |
| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | provenance | |
| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | provenance | |
@@ -815,18 +767,12 @@ edges
| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | provenance | |
| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "<div i ... + "\\">" | provenance | Config |
| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | |
| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | Config |
| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | |
| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | Config |
| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "<b>" + ... "</b>" | provenance | Config |
| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | |
| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | Config |
| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | |
| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | Config |
| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | |
| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | Config |
| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | provenance | |
| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | provenance | Config |
| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | provenance | |
| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | provenance | |
| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | provenance | |
@@ -846,10 +792,8 @@ edges
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | provenance | |
| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | provenance | |
| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | provenance | |
| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | |
| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | provenance | |
| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | |
| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | provenance | |
| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | |
| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | |
| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | provenance | |
| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | provenance | |
| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | provenance | |
@@ -897,19 +841,16 @@ edges
| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | provenance | |
| pages/[id].jsx:3:30:3:35 | params [id] | pages/[id].jsx:13:44:13:49 | params [id] | provenance | |
| pages/[id].jsx:3:30:3:35 | params [q] | pages/[id].jsx:16:44:16:49 | params [q] | provenance | |
| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | provenance | |
| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:9:5:29 | id | provenance | |
| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | provenance | |
| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | provenance | |
| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | provenance | |
| pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | provenance | |
| pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | provenance | |
| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | provenance | |
| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | provenance | |
| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | provenance | |
| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | provenance | |
| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | provenance | |
| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | provenance | |
| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | provenance | |
| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | provenance | |
| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | provenance | |
| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | provenance | |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | provenance | |
| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | provenance | |
@@ -925,11 +866,9 @@ edges
| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router [ArrayElement] | provenance | |
| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | provenance | |
| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | provenance | |
| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | provenance | |
| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | provenance | |
| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:9:4:49 | state | provenance | |
| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | provenance | |
| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | provenance | |
| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | provenance | |
| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:9:9:43 | state | provenance | |
| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | provenance | |
| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | provenance | |
| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | provenance | |
@@ -956,27 +895,18 @@ edges
| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '<b>' + ... '</b>' | provenance | |
| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | provenance | |
| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | |
| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | Config |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | Config |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | Config |
| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | provenance | |
| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href | provenance | |
| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | provenance | |
| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "<a hre ... ar</a>" | provenance | Config |
| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | |
| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | Config |
| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | provenance | |
| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | provenance | Config |
| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | provenance | |
| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | provenance | Config |
| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | |
| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | Config |
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | |
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | Config |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | Config |
| tainted-url-suffix-arguments.js:3:17:3:17 | y | tainted-url-suffix-arguments.js:6:22:6:22 | y | provenance | |
| tainted-url-suffix-arguments.js:11:11:11:36 | url | tainted-url-suffix-arguments.js:12:17:12:19 | url | provenance | |
| tainted-url-suffix-arguments.js:11:17:11:36 | window.location.href | tainted-url-suffix-arguments.js:11:11:11:36 | url | provenance | |
@@ -992,7 +922,6 @@ edges
| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | provenance | |
| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | provenance | |
| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | |
| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | Config |
| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | provenance | |
| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | provenance | Config |
| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | provenance | |
@@ -1030,7 +959,6 @@ edges
| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | provenance | |
| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | provenance | |
| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | |
| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | Config |
| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | provenance | |
| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | provenance | Config |
| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | provenance | |
@@ -1098,19 +1026,14 @@ edges
| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | provenance | |
| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | provenance | |
| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | |
| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | Config |
| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | |
| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | Config |
| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | |
| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | Config |
| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | |
| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | Config |
| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | provenance | |
| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | provenance | |
| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | provenance | |
| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | provenance | |
| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | |
| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | Config |
| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | provenance | |
| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | provenance | |
| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | provenance | |
@@ -1146,17 +1069,13 @@ edges
| tst.js:381:7:381:39 | target [taint8] | tst.js:409:18:409:23 | target [taint8] | provenance | |
| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | provenance | |
| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | |
| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | Config |
| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:381:7:381:39 | target [taint3] | provenance | |
| tst.js:391:19:391:42 | documen ... .search | tst.js:391:3:391:8 | [post update] target [taint3] | provenance | |
| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | provenance | |
| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | |
| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | Config |
| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | |
| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | Config |
| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:381:7:381:39 | target [taint8] | provenance | |
| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | |
| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | Config |
| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | provenance | |
| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | provenance | |
| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | provenance | |
@@ -1166,16 +1085,13 @@ edges
| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | provenance | |
| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | provenance | |
| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | |
| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | Config |
| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | provenance | |
| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | |
| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | Config |
| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') [1] | provenance | Config |
| tst.js:424:18:424:48 | window. ... it('#') [1] | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | |
| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | |
| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | |
| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | |
| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | Config |
| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | provenance | |
| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | provenance | |
| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | provenance | |
@@ -1187,7 +1103,6 @@ edges
| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | provenance | |
| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | provenance | |
| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | |
| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | Config |
| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | provenance | |
| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | provenance | |
| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | provenance | |
@@ -1202,12 +1117,10 @@ edges
| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | provenance | Config |
| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | provenance | Config |
| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | |
| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | Config |
| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | provenance | |
| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | provenance | |
| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | provenance | |
| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | |
| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | Config |
| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | provenance | |
| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | provenance | |
| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | provenance | |
@@ -1236,9 +1149,7 @@ edges
| various-concat-obfuscations.js:12:19:12:25 | tainted | various-concat-obfuscations.js:12:4:12:34 | ["<div ... "\\"/>"] | provenance | Config |
| various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:28:15:32 | attrs | provenance | |
| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | various-concat-obfuscations.js:15:10:15:83 | '<div a ... </div>' | provenance | Config |
| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | provenance | |
| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | provenance | Config |
| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | provenance | |
| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | provenance | |
| various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:32:18:36 | attrs | provenance | |
| various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | provenance | |
| various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | provenance | |
@@ -1246,17 +1157,13 @@ edges
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') | provenance | |
| various-concat-obfuscations.js:18:10:18:88 | '<div a ... ntent)) [ArrayElement] | various-concat-obfuscations.js:18:10:18:105 | '<div a ... /div>') [ArrayElement] | provenance | |
| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | |
| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | Config |
| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | provenance | |
| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | provenance | |
| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | various-concat-obfuscations.js:18:10:18:59 | '<div a ... 'left') | provenance | Config |
| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | provenance | |
| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | provenance | Config |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | provenance | |
| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | provenance | Config |
| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) [ArrayElement] | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | provenance | |
| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | provenance | |
| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | provenance | Config |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | provenance | |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | provenance | Config |
| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) [ArrayElement] | provenance | Config |
@@ -1274,8 +1181,7 @@ edges
| xmlRequest.js:20:24:20:48 | got.get ... rl }}") | xmlRequest.js:20:18:20:48 | await g ... rl }}") | provenance | |
| xmlRequest.js:21:11:21:38 | json | xmlRequest.js:22:24:22:27 | json | provenance | |
| xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | xmlRequest.js:21:11:21:38 | json | provenance | |
| xmlRequest.js:21:29:21:32 | resp | xmlRequest.js:21:29:21:37 | resp.body | provenance | |
| xmlRequest.js:21:29:21:37 | resp.body | xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | provenance | |
| xmlRequest.js:21:29:21:32 | resp | xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | provenance | |
| xmlRequest.js:22:24:22:27 | json | xmlRequest.js:22:24:22:35 | json.message | provenance | |
subpaths
| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) |


@@ -373,7 +373,7 @@ function test() {
// NOT OK
$('myId').html(target)
// OK
// OK - but only safe because contents are URI-encoded
$('myid').html(document.location.href.split("?")[0]);
}
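Review bot: The new comment on the `split("?")[0]` sink says the value is safe only because it is URI-encoded, but it does not say what performs the encoding or what would invalidate that assumption. Nothing visible in the hunk encodes the value, so the safety presumably comes from how the browser serializes `location.href`, and it would stop holding if the string were URI-decoded before reaching `.html()`. I would spell that out, e.g. `// OK - only safe because location.href is percent-encoded by the browser; not safe once URI-decoded`, so the expectation is not read as a general guarantee for everything before the `?`. When the URL has no `?`, `split("?")[0]` is the whole href with the fragment included, which makes the encoding assumption carry even more weight. `test()` begins above the hunk, so the rest of its body is not visible here.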